 Beware the Crouching Tiger at the Watering Hole says Context
NeonDrum
« Posted: July 17, 2013, 02:13:13 PM »


London, UK - July 17th, 2013. Researchers at Context Information Security warn that watering hole cyber attacks are increasingly being used by state sponsored hackers to compromise large target groups within the same industries. Rather than chasing victims with spear phishing techniques, attackers compromise popular trusted websites to trap visitors and infect their machines with malware.
While Facebook, Apple and Twitter are among the major names that have already fallen victim to watering hole attacks, Context is seeing more activity aimed at commercial and financial sites. Researchers recently detected an attack on the IHS.com website that belongs to US-based Information Handling Services Inc., the parent company to Jane's Information Group - one of the preeminent sources of information and analysis on military and intelligence matters; Global Insights – a well-established player in financial, economic and political analysis; and Cambridge Energy Research Associates (CERA) – advisers to companies and governments on energy and geopolitics.
“In this case the predatory tiger was a state sponsored attacker and the prey was the target companies visiting the site,” explained Mark Raeburn, CEO at Context. “Our Response Team picked up traffic beaconing activity from a Remote Access Trojan (RAT) known as PlugX, which gives an attacker control over a compromised host and is suspected of being attributable to one of the more aggressive and active Chinese state-sponsored groups.”
When users visited the compromised IHS.com web site, a Java archive signed by a fake certificate using the legitimate IHS.com name was downloaded onto the victim’s machine. This redirected the user to a malicious domain that downloaded and executed the .exe PlugX file and within ten seconds, the RAT started receiving commands and sending data to a third, attacker controlled, domain.
For one major FTSE 250 company infected by the Watering Hole attack, Context was able to track down seven other hosts spread across four countries that had been successfully compromised. Further investigation showed over the time elapsed since the attack, anti-virus software had cleaned up six of the seven compromised hosts, an unusually high success rate for AV when it comes to targeted attacks.
Context believes that some of this increased watering hole attack activity is driven by nation state or associated actors. In this particular instance the watering hole is likely to have been set up by a group referred to as ‘FlowerLady’ or ‘FlowerShow’, thought to be Chinese in origin and state-sponsored, as opposed to managed directly by the Chinese state. This group is not known to be affiliated to any particular organisation and attacks Western companies on an opportunistic basis looking for information of economic, technological or military significance, which can be passed onto the Chinese state or companies for further exploitation.
The IHS.com site has now been cleaned up and is no longer a watering hole threat, but it is unclear how many visitors were compromised, or how many still remain infected. “Phishing campaigns are often seen as the primary, or only, avenue of compromise when it comes to targeted attacks, but companies need to be more aware of the threat from alternative vectors such as watering hole attacks and take measures to identify malicious activity and mitigate the risks, regardless of the source,” said Mark Raeburn, CEO at Context. “Better awareness and activity monitoring, including information from across the network and down to the level of individual PCs, is vital and should be combined with a robust programme of proactive security improvement.”
Context has published more information about the IHS.com watering hole attack at:
http://www.contextis.co.uk/research/blog/crouching-tiger-ihs-watering-hole/
About Context
Context was launched in 1998 and has a client base that includes some of the world’s most high profile blue chip companies, alongside government organisations. An exceptional level of technical expertise underpins all Context services, while a detailed and comprehensive approach helps clients to attain a deeper understanding of security vulnerabilities, threats or incidents. Many of the world's most successful organisations turn to Context for technical assurance, incident response and investigation services. Context is also at the forefront of research and development in security technology.
As well as publishing white papers and blogs addressing current and emerging security threats and trends, Context consultants are frequently invited to present at open and closed industry events around the world. Context delivers a comprehensive portfolio of advanced technical services and with offices in the UK, Germany and Australia, is ideally placed to work with clients worldwide.
www.contextis.com
Contacts:
For more information for editors, please contact:
Peter Rennison / Allie Andrews
PRPR, Tel + 44 (0)1442 245030 / + 44 (0)7831 208109
pr[at]prpr[dot]co[dot]uk / allie[at]prpr[dot]co[dot]uk
Distributed on behalf of PRPR by NeonDrum news distribution service (http://www.neondrum.com)
