Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, January 23, 2013

‘Watering hole’ attackers hunt from Reporters without Borders - watering hole attack - CSO | The Res

The same Internet Explorer 8 flaw that hackers had a zero-day exploit for attacks on a US think thank website last year is now being used for attacks on visitors to human rights websites.  The website of NGO ‘Reporters without Borders’ is the latest launchpad for a so-called ‘watering hole attack’, which have hit numerous human rights website in the past weeks, Avast security researcher Jindrich Kubec wrote in a post Tuesday.

It’s the same method used in a typical drive-by download attack on random visitors, except the watering hole has been selected for the audience it attracts.

While recent watering hole attacks have relied on exclusive zero day flaws to compromise target systems, this one uses a recently patched IE flaw and two patched Java flaws to infect victims, wrote Kubec.

Features of the attack kit on Reporters without Borders’ website mean it’s likely to have been rigged by the same group behind recent attacks on Tibetan, Uygur human rights websites and political parties in Hong Kong and Taiwan, according to Kubec.  Ahead of Christmas last year, Chinese hackers were suspected of planting a watering hole that used a zero day flaw to net victims that visited the website of foreign policy think tank, Council on Foreign Relations.

The attack only served an exploit to browsers that run on operating systems using US English, Chinese, Taiwanese Chinese, Russian, Japanese or Korean, according to security firm FireEye.


Posted on 01/23