It was recently revealed that hackers who appear to be linked to China had reprogrammed Forbes’ “Thought of the Day” widget to send malicious computer code to readers’ computers last year. Here to comment on this news is Trey Ford, a Global Security Strategist at Rapid7.
“Attacking high profile websites is a classic way to build a botnet. This case sounds a little bit different from regular malvertising, or malicious advertising, in that a super high traffic site like Forbes will have far stronger access controls and logging than other softer targets. Attackers know these factors raise the likelihood of getting caught.
“Attacks like this, referred to as waterhole attacks, are particularly effective in targeting specific groups or companies that frequent a specific site or forum. Forbes will have a higher concentration of executive readers, which is a different target population than a more classic ‘wide net’ strategy of say targeting a website like Facebook.
“From the attacker’s perspective, a waterhole attack is nice as you can carefully target your prey and (hopefully) have considerably fewer people install your malware. A large target like Forbes stands out against an approach like this.
“Attacking a large target also accelerates the time in which the malware will be detected, and the 0day vulnerabilities used to install the malware (previously unknown vulnerabilities in the browser or plugin) will be identified, reported, and fixed.
“An attack against a site with such broad readership sounds more criminal than state-sponsored.”
By Trey Ford, Global Security Strategist, Rapid7
About Rapid7
Rapid7’s mission is to develop simple, innovative solutions for security’s complex challenges. The company understands the attacker better than anyone and builds that insight into its security software and services. Rapid7’s IT security analytics solutions collect, contextualize, and analyze the security data users need to dramatically reduce threat exposure and detect compromise in real-time. They speed investigations so customers can halt threats and clean up systems fast. Unlike traditional vulnerability assessment or incident management, Rapid7 provides insight into the security state of your assets and users, across virtual, mobile, private and public cloud networks.
The company offers advanced capabilities for vulnerability management, penetration testing, endpoint controls assessment, and incident detection and investigation. Its attacker intelligence is informed by more than 200,000 members of the Metasploit community, the industry-leading Rapid7 Research Labs, and its experienced security services team. Rapid7 is trusted by more than 3,000 organizations across 78 countries, including more than 250 of the Fortune 1000.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.