Beware the Crouching Tiger at the Watering Hole says Context

State sponsored hackers turn to stalking tactics to snare prey
By: Context Information Security

While Facebook, Apple and Twitter are among the major names that have already fallen victim to watering hole attacks, Context is seeing more activity aimed at commercial and financial sites. Researchers recently detected an attack on the IHS.com website that belongs to US-based Information Handling Services Inc., the parent company to Jane's Information Group – one of the preeminent sources of information and analysis on military and intelligence matters; Global Insights – a well-established player in financial, economic and political analysis; and Cambridge Energy Research Associates (CERA) – advisers to companies and governments on energy and geopolitics.

“In this case the predatory tiger was a state sponsored attacker and the prey was the target companies visiting the site,”

When users visited the compromised IHS.com web site, a Java archive signed by a fake certificate using the legitimate IHS.com name was downloaded onto the victim’

For one major FTSE 250 company infected by the watering hole attack, Context was able to track down seven other hosts spread across four countries that had been successfully compromised. Further investigation showed that, over the time elapsed since the attack, anti-virus software had cleaned up six of the seven compromised hosts, an unusually high success rate for AV when it comes to targeted attacks.

Context believes that some of this increased watering hole attack activity is driven by nation state or associated actors. In this particular instance the watering hole is likely to have been set up by a group referred to as ‘FlowerLady’ or ‘FlowerShow’, thought to be Chinese in origin and state-sponsored, as opposed to managed directly by the Chinese state. This group is not known to be affiliated to any particular organisation and attacks Western companies on an opportunistic basis, looking for information of economic, technological or military significance which can be passed on to the Chinese state or companies for further exploitation.

The IHS.com site has now been cleaned up and is no longer a watering hole threat, but it is unclear how many visitors were compromised, or how many still remain infected.

“Phishing campaigns are often seen as the primary, or only, avenue of compromise when it comes to targeted attacks, but companies need to be more aware of the threat from alternative vectors such as watering hole attacks and take measures to identify malicious activity and mitigate the risks, regardless of the source,”

Context has published more information about the ihs.com watering hole attack at: http://www.contextis.co.uk/

About Context

Context was launched in 1998 and has a client base that includes some of the world’

As well as publishing white papers and blogs addressing current and emerging security threats and trends, Context consultants are frequently invited to present at open and closed industry events around the world. Context delivers a comprehensive portfolio of advanced technical services and, with offices in the UK, Germany and Australia, is ideally placed to work with clients worldwide. www.contextis.com

Contacts:

For more information for editors, please contact: Peter Rennison / Allie Andrews, PRPR, Tel + 44 (0)1442 245030 / + 44 (0)7831 208109, pr[at]prpr[dot]

Distributed on behalf of PRPR by NeonDrum news distribution service (http://www.neondrum.com)

End
Page Updated Last on: Jul 17, 2013