Monday, September 30, 2013

Why Worry About Watering Holes?

Perhaps you have seen recent news stories about "watering hole" attacks and wondered what they were? More importantly, is it something we in county government have to worry about?

A watering hole attack takes its name from nature, where predator animals, such as lions, rather than chase their prey, simply wait for them to come to them by staking out the watering hole. The prey animal's thirst will eventually force it to seek out water despite the looming danger. In cyber security, the predators will compromise a popular or necessary site used by their targets in order to spread malware, and thereby gain access to their target's computers or information. Although perhaps more difficult than other methods, this form of attack is becoming increasingly popular, especially as security awareness programs make other less difficult attacks, such as phishing, less successful.

Watering hole attacks are absolutely a concern for counties. Because of the wealth of information in the possession of counties, much of which is tied directly to a person's personal and financial activities, we are a target for the bad guys. We have information and they want it. Additionally, many counties use the same vendors, the same state services, the same news and information sources, etc. This commonality makes it easy for a predator to identify resources that a large number of us will eventually seek out.

Perhaps of even bigger concern is that we have web services and resources that many in our communities rely on. If certain types of businesses or organizations become a target, our resources might be viewed as the perfect "watering hole" that would attract that target. This makes diligence on our part essential, to keep our resources secure and/or to make sure that our vendors are doing so.

Similar to phishing attacks, where there is little we can do to avoid receiving the phishing e-mails, there is also little we can do to prevent a site that is out of our control from becoming compromised. That is the job of the administrator of that site. The best defense, then, is education and awareness. Recognizing that a site we rely on could potentially become compromised, and knowing what to watch out for, can protect us. Avoid downloading software and plugins that are not absolutely essential. Make sure your anti-malware software is up to date and your operating system is patched. Do links to social media sites and login forms look out of place? Are they the same as the last time you visited? Being alert can keep you safe.

In the case of sites we do have control over, the responsibility is on us and our service providers to keep them safe. Can we avoid requiring any sort of plugin for accessing the needed information? Are links to social media necessary? Content Management Systems (CMS) in particular are a potential source of compromise. If we use a CMS for our site, is the CMS software kept up to date? Is the site's security set up properly so only trusted users can post content? Has it been properly set up to disallow certain types of potentially malicious content, such as iframes and JavaScript? Do we have tools in place to check for malware and unwanted links? Are we monitoring the site regularly?
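As an added example (not part of the original post), here is a small Python check of the kind those last two questions call for: it parses a page's HTML and lists every script, iframe or link that points outside an assumed allowlist of trusted hosts, or that uses a `javascript:` URL, so an injected hidden iframe stands out during a routine site review. The sample page and host names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: hosts this site is expected to load scripts/iframes from
# or link to. Relative URLs belong to the site itself and are treated as trusted.
TRUSTED_HOSTS = {"www.example-county.gov", "cdn.example-county.gov", "www.facebook.com"}

# Constructed sample page: two legitimate scripts, a known social link,
# a hidden 1x1 iframe to an unknown host, and a javascript: link.
SAMPLE_PAGE = """<html><body>
<script src="/js/site.js"></script>
<script src="https://cdn.example-county.gov/jquery.js"></script>
<a href="https://www.facebook.com/ExampleCounty">Facebook</a>
<iframe src="//static-update.example/loader.php" width="1" height="1" style="display:none"></iframe>
<a href="javascript:void(0)">x</a>
</body></html>"""


class EmbedCollector(HTMLParser):
    """Collects (tag, url) for every <script src>, <iframe src> and <a href>."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            self.refs.append((tag, a["src"]))
        elif tag == "a" and a.get("href"):
            self.refs.append((tag, a["href"]))


def untrusted_embeds(html, trusted_hosts=TRUSTED_HOSTS):
    """Return the (tag, url) pairs that reference a host outside the allowlist
    or use a javascript: URL. Protocol-relative '//host/...' URLs are handled
    because urlparse treats the leading '//' as the network location."""
    parser = EmbedCollector()
    parser.feed(html)
    findings = []
    for tag, url in parser.refs:
        parts = urlparse(url)
        host = parts.netloc.lower()
        if parts.scheme.lower() == "javascript" or (host and host not in trusted_hosts):
            findings.append((tag, url))
    return findings


if __name__ == "__main__":
    for tag, url in untrusted_embeds(SAMPLE_PAGE):
        print(f"untrusted {tag}: {url}")
```

Run it against a saved copy of each public page on a schedule and compare the output with the previous run; a new line is a reason to look at the CMS's recent edits and user accounts.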

Humans tend to be trusting, and the bad guys know that. That is why watering hole and phishing attacks work. By being a little less trusting, we can protect ourselves and those that we serve from these sorts of attacks.

2 comments:

  1. Great insights, thanks for the article! You bring up a very good point about the importance of securing the CMS for your organization's website. I would be interested to learn about specific recommendations for securing WordPress websites. If you have any links to share please do!

    Replies
    1. There is actually an excellent article on "Hardening Wordpress" available at http://codex.wordpress.org/Hardening_WordPress. It has a lot of great recommendations, including best practices for securing the underlying operating system as well as how to keep Wordpress itself up to date.
