Kaspersky researchers have discovered a watering-hole campaign targeting users in Asia since May 2019.
More than 10 websites related to religion, voluntary programmes, charity and several other areas were compromised to selectively serve a drive-by download that installed a backdoor on the targets' devices.
Attackers used a creative toolset, which included GitHub distribution and the use of open-source code.
A watering hole is a targeted attack strategy in which cyber criminals compromise websites that their intended victims are likely to visit and wait for those visitors to pick up the planted malware. To be exposed, a user needs only to visit a compromised website, which makes this type of attack easy to spread and therefore more dangerous.
This multi-stage watering-hole attack, built on an unsophisticated but creative toolset, is distinctive for how quickly it has evolved since it began and for the wide range of tools used.
Visitors to the compromised sites are shown a fake Adobe Flash update warning. The visitor is expected to fall for the update lure and download a malicious installer package that sets up a backdoor named 'Godlike12', giving the threat actor full remote access to the infected device and enabling them to modify files, harvest confidential data, log activity on the computer and more.
Another backdoor, a modified version of the open-source Python backdoor called Stitch, was also used in the attack. It provided classic backdoor functionalities by establishing a direct socket connection to exchange AES-encrypted data with the remote server.
The fake Adobe Flash pop-up was linked to an executable file hosted on github.com under the guise of a Flash update file. GitHub disabled this repository on the 14th of February 2020 after Kaspersky reported it to them, thus breaking the infection chain of the campaign.
The repository had, however, been online for more than nine months, and thanks to GitHub's commit history the researchers were able to gain unique insight into the attacker's activity and tools.
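The infection chain described above (a fake Flash update pop-up on an unrelated site leading to an executable download from GitHub) leaves a recognisable pattern in web proxy logs. The following is an added example, not code from Kaspersky's report or from the campaign: a small scanner that flags executable downloads from GitHub hosts whose referer is a non-GitHub site or whose filename mimics a Flash/updater installer. The log format, field names, hostnames and sample entries are all constructed for illustration; the real filenames used by the campaign are not given on this page.

```python
"""Flag proxy-log entries matching a 'fake Flash update from GitHub' pattern.

Added example for illustration; not from Kaspersky's report.
Log format and sample lines are constructed:
  <timestamp> <client_ip> <method> <url> <status> <content_type> <referer>
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample log (hostnames and paths are fictitious).
SAMPLE_LOG = """\
2020-02-10T09:12:01Z 10.0.0.5 GET https://example-charity.org/index.html 200 text/html -
2020-02-10T09:12:03Z 10.0.0.5 GET https://github.com/user/repo/raw/master/flashplayer_update.exe 200 application/octet-stream https://example-charity.org/index.html
2020-02-10T09:15:44Z 10.0.0.7 GET https://github.com/org/tool/releases/download/v1.0/tool.exe 200 application/octet-stream https://github.com/org/tool/releases
2020-02-10T09:16:10Z 10.0.0.8 GET https://raw.githubusercontent.com/u/r/master/README.md 200 text/plain https://github.com/u/r
"""

GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
EXEC_EXT = re.compile(r"\.(exe|msi|dmg|pkg|scr)$", re.I)
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-msdos-program"}
# Words a lure filename would use to look like an Adobe Flash/updater package (assumption).
FLASH_LURE = re.compile(r"flash|adobe|update|install", re.I)


@dataclass
class Finding:
    timestamp: str
    client: str
    url: str
    reasons: Tuple[str, ...]


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into fields; return None for blank/malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, client, method, url, status, ctype, referer = parts
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": status, "ctype": ctype.lower(), "referer": referer}


def suspicious(entry: dict) -> List[str]:
    """Return the reasons an entry looks like a disguised installer from GitHub.

    Only completed (2xx) downloads of executable content from GitHub hosts are
    considered; the referer and filename heuristics then supply the reasons.
    """
    reasons: List[str] = []
    url = urlparse(entry["url"])
    if url.hostname not in GITHUB_HOSTS or not entry["status"].startswith("2"):
        return reasons
    if not (EXEC_EXT.search(url.path) or entry["ctype"] in EXEC_TYPES):
        return reasons
    referer_host = urlparse(entry["referer"]).hostname if entry["referer"] != "-" else None
    if referer_host not in GITHUB_HOSTS:
        reasons.append("executable fetched from GitHub with a non-GitHub referer")
    filename = url.path.rsplit("/", 1)[-1]
    if FLASH_LURE.search(filename):
        reasons.append("filename mimics a Flash/updater installer")
    return reasons


def scan(log_text: str) -> List[Finding]:
    """Run the heuristics over a whole log and return one Finding per hit."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious(entry)
        if reasons:
            findings.append(Finding(entry["ts"], entry["client"], entry["url"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.timestamp, f.client, f.url)
        for r in f.reasons:
            print("   -", r)
```

On the constructed sample only the second line is flagged, on both counts; the genuine release download on the third line has a GitHub referer and an innocuous name, so it passes. Two caveats for real use: browsers often strip or truncate the Referer header on cross-site navigations, so the referer rule will miss some downloads and the filename rule should not be relied on alone; and a non-GitHub referer by itself is common for legitimate projects that link to their GitHub releases from their own homepage, so treat single-reason hits as review candidates rather than alerts.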
This campaign stands out due to its low-budget and not fully developed toolset, which has been modified several times in a few months to leverage interesting features like Google Drive C2. Kaspersky characterizes the attack as likely being the work of a small, agile team.
"Watering hole is an interesting strategy that delivers results using targeted attacks on specific groups of people. We were not able to witness any live attacks and thus could not determine the operational target," said Kaspersky senior security researcher, Ivan Kwiatkowski.
"However, this campaign once again demonstrates why online privacy needs to be actively protected. Privacy risks are especially high when we consider various social groups and minorities because there are always actors that are interested in finding out more about such groups."
Kaspersky recommends following a series of steps to avoid falling victim to targeted attacks on organizations or persons.
According to the company, people should not update or install Adobe Flash Player, as the product is reaching end of life (Adobe ends support at the end of 2020) and an unsolicited "update" most likely disguises something malicious. Where it is already installed, Kaspersky recommends removing it, as the technology is now obsolete.
A VPN should be used to hide a person's association with a specific group by masking their real IP address and location.
Kaspersky suggests that people choose a proven security solution such as Kaspersky Security Cloud for effective personal protection against known and unknown threats.
The Security Operations Center (SOC) team should be given access to the latest threat intelligence and kept up to date with new and emerging tools, techniques and tactics used by threat actors and cybercriminals.
For endpoint level detection, investigation and timely remediation of incidents, implementation of EDR solutions such as Kaspersky Endpoint Detection and Response are advised.
In addition to adopting essential endpoint protection, implementing a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform is also advised.