February 24, 2017
A 'watering hole attack' involves hijacking a legitimate and trusted site, typically by exploiting a 0-day vulnerability, to push malware to unsuspecting users. The intent is to use that well known site (the watering hole) to infect a specific user or user group with malware.
Facebook, Apple, Microsoft, Twitter, and most recently banks, have all been targeted with watering hole attacks.
Google Chrome Font Pack Attack
Cybercriminals have adopted watering hole style web-based drive-by attacks in recent ransomware campaigns seen online. For example, recently a website for software developers led to a website with an unreadable message which prompted the user to fix the issue by installing the “Chrome font pack”. The trick is that it wasn't a font pack, but malware which infected the victim's computer with Spora ransomware. The affected website has since fixed after security researchers reported the incident.
How Do I Protect Myself
To protect yourself from this type of attack:
- Know how to recognize it. A article can be found here [1].
- Keep your browser software up-to-date. Be sure to install antivirus updates and regularly check for and install browser plugin (e.g., Adobe Flash and Java) updates.
- When in doubt, ignore. Don't click on pop-up windows or extraneous ads. If they are persistent, close your browser entirely.
- Ensure your anti-virus software is updated and has the latest definitions.
- Consider using ad-blocker software or plugin with your browser. For example, NoScript for Firefox lets you choose which Web domains run scripts and applets in your browser. Google Chrome has an advanced setting which helps detect and protect against phishing and malware.
- While legitimate websites have been targeted, it is still advisable to limit browsing to the well-known and reputable sites. Avoid high-risk sites, such as online gaming/gambling, pornography, and peer-to-peer/BitTorrent sites.
- Read up on related Information Security topics already covered:
Written by: Hanna Guan (Cyber Security Analyst, Information Security)