Posts

“Watering hole” attacks via internet

In 2009, a series of high-profile website attacks began, carried out by a group using the Hydraq (Aurora) Trojan horse. Symantec has been monitoring the attacking group’s activities for the last three years as they’ve consistently targeted a number of industries. These attackers have used a large number of zero-day exploits against not just the intended target organization, but also the supply chain manufacturers that service the company in their crosshairs.

The Elderwood Project: “Watering Hole” Attacks (Symantec)

Zebras are the target; ...

In 2009, a group using the Hydraq (Aurora) Trojan horse began a series of high-profile attacks. Symantec has been monitoring the attacking group’s activities for the last three years as they’ve consistently targeted a number of industries. These attackers have used a large number of zero-day exploits against not just the intended target organization, but also the supply chain manufacturers that service the company in their crosshairs. The attackers are systematic and re-use components of an infrastructure Symantec termed the “Elderwood Platform”. The term “Elderwood” comes from the exploit communication used in some of the attacks. This attack platform enables them to deploy zero-day exploits quickly. The group’s methodology has always used spear-phishing emails, but there is now an increased adoption of “watering hole” attacks (compromising certain websites likely to be visited by the target organization).

The “watering hole” attack is a clear shift in the attacking group’s method of operations. The concept of the attack is similar to a predator waiting at a watering hole. The predator knows that victims will eventually have to come to the watering hole, so rather than go hunting, he waits for his victims to come to him. Similarly, attackers find a website that caters to a particular audience, which includes the target the attackers are interested in. Having identified this website, the attackers hack into it using a variety of means. The attackers then inject an exploit into public pages of the website that they hope will be visited by their ultimate target. Any visitor susceptible to the exploit is compromised and a backdoor Trojan is installed on their computer.

Symantec published a research paper that details the links between various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of entities behind targeted attacks.

Cloud computing to revolutionise Vietnamese technology sector

Cloud computing has been described as a “technological tsunami” and according to recent figures, the phenomenon has hit Vietnam with force.

In Symantec’s latest survey, 46 per cent of participants are already deploying hybrid clouds and virtualisation projects within their organisations.

The benefits of such projects are numerous. Cloud computing not only enables businesses to scale down operating costs and improve storage performance and rate, it also allows organisations to reduce pressure on existing systems and enhance their administrative management abilities.
