
Cyber Threat Report: Malvertising and Watering Holes

posted Oct 18, 2015, 8:18 PM by Christopher Furton   [ updated Dec 13, 2015, 10:32 AM ]


Slide Text

 Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes

  1.
     - Evolution of technology leans toward more and more web-based usage
       - HTML5 applications
       - Software-as-a-Service
     - Business involvement in social media
       - Increased reliance on Facebook, Twitter, and other social sites for customer interactions
       - Brand development and growth for reasonable cost
     - It is all about the Web. And will continue that way.
  2.
     - Malvertising (or malicious advertising) uses legitimate advertising channels to propagate malicious ads.
     - Victims may or may not have to click the ads, depending on the attack.
       - Clicked ads can redirect the victim to a malicious site
       - A zero-day exploit (e.g., Adobe Flash) can install malware without user action
  3.
     - Attacks are generally broad in nature and typically use known vulnerabilities.
     - Attacks leverage wide distribution of ads through legitimate ad networks to increase the likelihood of luring a victim.
     - According to ComScore data [1], 53 billion ads contained malicious content or redirected to malicious content.
  4.
     - Leverage rich content from Adobe Flash Player, Reader, etc.
     - Can use iframe injection to trigger background installations.
     - Pop-up and banner ads through ad networks.
     - Clickjacking - tricking a victim into clicking something other than what was intended.
  5.
     - Patching – keep browsers (e.g., Firefox, IE, Chrome) up to date. This ensures known vulnerabilities can’t be exploited.
     - Vulnerability Management – implement a scanning process for known vulnerabilities. Identify and remediate.
     - Monitor outbound traffic – Whitelist if possible. Block traffic to known bullet-proof hosts.
     - Use ad-blocking software: Ghostery or NoScript. (Keep in mind implications.)
     - Train users to hover before clicking.
     - Configure X-Frame-Options and employ anti-clickjacking attributes.
  6.
     - Watering Holes – Compromised trusted websites contain malware.
     - Trust relationships between sites are exploited to push malware to the user.
     - Often use zero-day vulnerabilities to execute the attack.
  7.
     - Attacks are generally narrow in nature and typically use unknown vulnerabilities.
     - Attacks typically are targeted and require significant intelligence resources.
     - Much more sophisticated than other attacks. (i.e., smells like state-sponsored)
  8.
     - Leverages application layer protocols including TLS/SSL and HTTP.
     - Often browser-specific due to unique vulnerabilities.
     - Can exploit Application Programming Interfaces (APIs) such as ActiveX.
  9.
     - Very little can be done to specifically mitigate watering hole attacks. However:
       - Vulnerability Management will help patch holes as soon as they are announced.
       - Monitoring outbound traffic can help identify if an exploit has been successful.
       - Strong incident response to identify and react to minimize damage.
       - Network segmentation to minimize exposure.
       - Overall high security awareness in the organization.
  10.
      - [1] http://www.mintel.com/blog/technology-market-news/malvertising-the-internets-billion-dollar-problem
      - [2] Cyveillance – a QinetiQ Company - https://blog.cyveillance.com/when-good-sites-go-bad-malvertising-and-watering-holes-infographic/?utm_source=social&utm_medium=twitter&utm_content=post%204&utm_campaign=MWH
      - Great Infographic: https://blog.cyveillance.com/wp-content/uploads/Malvertise_info_6001.jpg
  11. Christopher Furton is an Information Technology Professional with over 12 years in the industry. He attended The University of Michigan, earning a B.S. in Computer Science, and completed an M.S. in Information Management from Syracuse University in 2015. His career includes managing small to medium size IT infrastructures, service desks, and IT operations. Over the years, Christopher has specialized in Cyber Security while working within the Department of Defense and the United States Marine Corps. His research topics include vulnerability management, cyber security governance, privacy, and cyber risk management. He holds active IT Certifications including the CISSP, CEH, ITIL Foundations, Security+CE and Network+CE. He can be found on LinkedIn, Google+, and Twitter @IT_Mgmt_Chris. Additional information available on Christopher Furton's website at http://christopher.furton.net.
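
Slide 5 recommends configuring X-Frame-Options and anti-clickjacking attributes. The following is an added example, not part of the original slides, that classifies a response's framing protection from its headers and treats the CSP `frame-ancestors` directive as the modern counterpart of X-Frame-Options; the paths and header sets are constructed.

```python
# Added example: audit response headers for anti-clickjacking protection.
# All sample responses below are constructed for illustration.

def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_protection(headers):
    """Return (verdict, reason) for a dict of response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    # Check CSP first: browsers that support frame-ancestors prefer it
    # over X-Frame-Options when both are sent.
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # A wildcard or scheme-only source lets any origin frame the page.
        if any(s in ("*", "http:", "https:") for s in sources):
            return "weak", "frame-ancestors allows any origin"
        return "protected", "frame-ancestors " + (" ".join(sources) or "'none'")
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        # Obsolete value that current browsers ignore: page stays framable.
        return "weak", "X-Frame-Options ALLOW-FROM is obsolete"
    if xfo:
        return "weak", "unrecognised X-Frame-Options value"
    return "missing", "no framing policy sent"

SAMPLE_RESPONSES = {  # constructed paths and headers
    "/login": {"X-Frame-Options": "DENY"},
    "/account": {"Content-Security-Policy":
                 "default-src 'self'; frame-ancestors 'self'"},
    "/widget": {"Content-Security-Policy": "frame-ancestors *"},
    "/legacy": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "/promo": {"Cache-Control": "no-store"},
}

def audit(responses):
    """Map each path to its verdict; anything but 'protected' needs a fix."""
    return {p: framing_protection(hdrs)[0] for p, hdrs in responses.items()}

if __name__ == "__main__":
    for path, hdrs in SAMPLE_RESPONSES.items():
        print(path, *framing_protection(hdrs))
```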
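
Slides 5 and 9 both recommend monitoring outbound traffic against a whitelist. The following is an added example, not part of the original slides, that flags proxy requests to destinations outside an allowlist and matches domains on label boundaries so look-alike hostnames do not pass; the log field order, allowlist, addresses and hostnames are all assumptions constructed for illustration.

```python
# Added example: flag outbound proxy requests whose destination is not on
# an allowlist. Log format, allowlist and log lines are constructed.
from collections import defaultdict
from urllib.parse import urlsplit

ALLOWED_DOMAINS = {"corp.example", "updates.vendor.example"}  # assumed allowlist

def is_allowed(host, allowed=ALLOWED_DOMAINS):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on label boundaries so 'corp.example.lookalike.test' and
    # 'notcorp.example' do not pass as 'corp.example'.
    return any(host == d or host.endswith("." + d) for d in allowed)

def parse_line(line):
    """Parse 'timestamp client method url status bytes' into a dict."""
    ts, client, method, url, status, size = line.split()
    if method == "CONNECT":          # CONNECT carries host:port, not a URL
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname or ""
    return {"ts": ts, "client": client, "host": host, "bytes": int(size)}

def unexpected_destinations(lines):
    """Return {client: sorted list of non-allowlisted hosts it contacted}."""
    hits = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if not is_allowed(rec["host"]):
            hits[rec["client"]].add(rec["host"])
    return {client: sorted(hosts) for client, hosts in hits.items()}

SAMPLE_LOG = """\
2015-10-18T20:01:02Z 10.0.0.15 GET http://intranet.corp.example/home 200 5120
2015-10-18T20:01:09Z 10.0.0.15 GET http://ads.thirdparty.test/banner.swf 200 88210
2015-10-18T20:01:10Z 10.0.0.15 CONNECT cdn.unknown-host.test:443 200 40960
2015-10-18T20:02:30Z 10.0.0.22 GET http://updates.vendor.example/patch.msi 200 901120
2015-10-18T20:03:11Z 10.0.0.22 GET http://corp.example.lookalike.test/login 200 2048
""".splitlines()  # constructed sample lines

if __name__ == "__main__":
    for client, hosts in unexpected_destinations(SAMPLE_LOG).items():
        print(client, "->", ", ".join(hosts))
```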
