Online security is fragile. Cyber attacks are more frequent than they are believed to be. Response time is as slow as ever. These are facts that are spouted when you plan to put your data online on a remote Cloud server. But, there are more ways to be attacked than by merely putting your data into a remote Cloud server. The Cloud service provider may not be responsible for the loss of your data. You may be the culprit.
A malware named “Waterhole” is doing the rounds on the web. The good news is that the attack has been identified early and warnings have been issued. Everyone has the time (if they have the will) to check for the attack and prevent it. The malware attacks the Cloud network at the point of access: your systems!
Interestingly, waterhole is not a new concept. It is just being used in new ways. When it first appeared on the World Wide Web, hackers used open source admin tools to attract the attention of administrators and so deliver the malware to the enterprise network. When Cloud service providers insisted on providing their own admin tools for online access, the hackers turned to other ways of delivering the malware to its target. Now, these types of malware attacks are popping up more frequently and persistently across the globe.
What is this “waterhole”? As the name suggests, the attempt is to poison a website that is frequented by the employees of your company. The aim is to compromise the unique networked environment. The attack modifies the code of the website, and the malware may attach itself to a favorite download and open a backdoor to the enterprise data. It functions like “spear phishing”, but uses elements other than email as its vehicle.
How can you defend yourself against a waterhole attack? It is not going to reach you through the Cloud backup service. It does not make “storing data online” unsafe. The malware is going to get to you from other website resources that are being used by your employees.
To begin with, you need to educate your employees about the threat of waterhole. Monitor the top 100 websites that are frequently visited by your employees and ensure that these websites are not infected. Continue monitoring them at frequent intervals. Block sites that are infected and warn your employees to avoid accessing the site with their personal devices (under BYOD schemes) or onsite devices.
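One way to put this monitoring into practice, as an added example that is not part of the original article: rank the most-visited hosts from a web proxy log, then compare the scripts a page loads now against a stored baseline snapshot, since the attack works by modifying the site's code. The log format, hostnames and HTML snapshots are constructed for illustration, and fetching and storing the snapshots is left out.

```python
import hashlib
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data; the "<time> <user> <url>" log format is an assumption.
PROXY_LOG = """\
2024-01-01T09:00:01 alice https://news.example/home
2024-01-01T09:01:12 carol https://forum.example/threads
2024-01-01T09:03:44 bob https://news.example/sports
"""
BASELINE = ('<script src="/js/app.js"></script>'
            '<script src="https://cdn.example/lib.js"></script><script>init();</script>')
CURRENT = BASELINE + '<script src="https://stats.invalid/c.js"></script>'

def top_sites(log_text, n=100):
    """Rank hostnames by request count in the proxy log."""
    urls = (line.split()[-1] for line in log_text.splitlines() if line.strip())
    hosts = Counter(h for h in (urlsplit(u).hostname for u in urls) if h)
    return [h for h, _ in hosts.most_common(n)]

class ScriptCollector(HTMLParser):
    """Collects external script hosts and SHA-256 hashes of inline scripts."""
    def __init__(self, html):
        super().__init__()
        self.hosts, self.inline, self._buf = set(), set(), None
        self.feed(html)
        self.close()
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.hosts.add(urlsplit(src).hostname or "(same-origin)")
            else:
                self._buf = []  # start buffering an inline script body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:
                self.inline.add(hashlib.sha256(body.encode()).hexdigest())
            self._buf = None

def script_changes(baseline_html, current_html):
    """Return (new external script hosts, new inline-script hashes)."""
    old, new = ScriptCollector(baseline_html), ScriptCollector(current_html)
    return sorted(new.hosts - old.hosts), sorted(new.inline - old.inline)
```

A non-empty result is a prompt for review, not proof of infection, because sites add legitimate scripts too; rerun the comparison at each monitoring interval and block the site while a suspicious change is investigated.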
Remember, your Cloud backup service provider cannot be held responsible for your ignorance and negligence.