Wednesday, 13. August 2014

Crocodile Tears: A Look at Turning the Tables on Cyber Attacks

In Africa, crocodiles are considered to be the most fearsome predators. These ancient beasts are superb hunters because of their strength and hunting tactics. One of those tactics involves stalking watering holes in the savanna, because wildebeests and gazelles congregate there. This tactic is now being emulated in cyberspace by cybercriminals.

Watering-hole attacks are flourishing in the United States. A watering-hole attack is one wherein the corporate Web server is compromised and a specific page within the site attacks visitors with tailor-made malware. These attacks are extremely effective against employees who utilize their websites as portals, which spread threats to customers and partners. One form of watering-hole attack is to pollute ads within sites. This type of attack is called malvertising.

According to Cisco Threat Research, media networks were almost four times as likely to attract malware as the average enterprise network, likely because of an increase in malvertising. Web publications are magnets for online ads that harbor malware and pass it on to readers. The media industry depends on advertising for revenue, but ads are hardly ever vetted for subversive code.

The recent Trend Micro Q2 threat round report, “Turning the Tables on Cyberattacks: Responding to Evolving Tactics,” highlights that 25 percent of the world's infected URLs originate in the USA.


Your website has become an extension of your brand and of your business operations, so protecting it and preventing it from polluting your employees and consumers is imperative. To prevent your site from becoming a watering hole, the following steps should be taken:

Detect vulnerabilities in web applications and remediate them
Discover application logic flaws including comprehensive proof of exploitation
Identify key security vulnerabilities at the platform layer, including scanning of the operating system, web server, and application server
Shield vulnerabilities before they can be exploited with intrusion prevention and WAF rules
Deploy DMARC
