‘Watering hole’ attackers hunt from Reporters without Borders

The same Internet Explorer 8 flaw that hackers exploited as a zero-day in attacks on a US think tank website last year is now being used in attacks on visitors to human rights websites.

The website of NGO ‘Reporters without Borders’ is the latest launchpad for a so-called ‘watering hole attack’, a type of attack that has hit numerous human rights websites in the past weeks, Avast security researcher Jindrich Kubec wrote in a post Tuesday.

Hackers create a watering hole by injecting malicious code into a website that redirects visitors to an exploit page designed to infect the target with malware. It’s the same method used in a typical drive-by download attack on random visitors, except the watering hole has been selected for the audience it attracts.

While recent watering hole attacks have relied on exclusive zero day flaws to compromise target systems, this one uses a recently patched IE flaw and two patched Java flaws to infect victims, wrote Kubec.

“They act as opportunists and try to take advantage of the time frame between the patch release and the patch application of some users, companies and non-governmental organizations,” he noted.

Features of the attack kit on Reporters without Borders’ website mean it’s likely to have been rigged by the same group behind recent attacks on Tibetan and Uygur human rights websites and political parties in Hong Kong and Taiwan, according to Kubec.

“In our opinion the finger could be safely pointed to China (again),” wrote Kubec.

Ahead of Christmas last year, Chinese hackers were suspected of planting a watering hole that used a zero day flaw to net victims who visited the website of foreign policy think tank the Council on Foreign Relations.

The attack only served an exploit to browsers that run on operating systems using US English, Chinese, Taiwanese Chinese, Russian, Japanese or Korean, according to security firm FireEye (http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html).

Symantec noted at the time that the attack would have demanded skills and resources outside most hackers' capabilities.
