“Watering Hole” attacks, as evidenced by the recent attack involving the U.S. Department of Labor, are becoming increasingly popular as alternatives to attacks such as Spear Phishing. In a “Watering Hole” attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly. Eventually, someone from the targeted group visits the “trusted” site (A.K.A. the “Watering Hole”) and becomes compromised.

Cisco identified suspicious GET requests made to the www.sellagreement.com, a malicious site which was recently linked with the Department of Labor attack. According to the evidence we have, the sites www.kforce.com and www.sbc.net were among those compromised during this attack. The webpages that were serving malicious content from these sites were mostly job-search related, but several requests to www.sellagreement.com lacked a “Referrer:” HTTP header entirely. Read More »

Tags: Cisco Security, department of labor, malicious javascript, spear phishing, TRAC, water hole attack

While the IT industry is in many ways moving toward an outsourced model, with the widespread adoption of the cloud and XaaS, marketing has been moving in a similar direction as well. And while PR agencies have been around for quite some time and it has been normal to look to outside agencies for help with creatives, over the past several years a new kind of service provider, the Email Service Provider, or ESP, has emerged from the shadows. Not to be mistaken for cloud-based email security services, ESPs are in the business of sending mass email (typically opt-in), not blocking it. Unfortunately, for many, their first exposure to these companies (outside of an inbox full of enticing offers) has been via news around data breaches, first, in 2010 with Silverpop and now Epsilon.

Read More »

Tags: cloud, cloud security, email, phishing, security, spear phishing