Cisco Blogs


Cisco Blog > Security

The Art of Escape

Craig Williams and Jaeson Schultz have contributed to this post.

We blogged in September of 2013 about variants of Havex. A month ago on June 2, 2014, I had the chance to give a presentation at AREA41.  In my presentation “The Art of Escape,” I talked about targeted attacks involving watering holes.

If we look at the timeline of the attacks we see two clear impacting factors:

  • CVE release time
  • Timeframe of new PluginDetect

This explains why we saw an increase in watering hole attacks peaking in August

timeline_havex

Read More »

Tags: , , , , ,

Watering-Hole Attacks Target Energy Sector

Beginning in early May, Cisco TRAC has observed a number of malicious redirects that appear to be part of a watering-hole style attack targeting the Energy & Oil sector. The structure consists of several compromised domains, of which some play the role of redirector and others the role of malware host.

Observed watering-hole style domains containing the malicious iframe have included:

  1. An oil and gas exploration firm with operations in Africa, Morocco, and Brazil;
  2. A company that owns multiple hydro electric plants throughout the Czech Republic and Bulgaria;
  3. A natural gas power station in the UK;
  4. A gas distributor located in France;
  5. An industrial supplier to the energy, nuclear and aerospace industries;
  6. Various investment and capital firms that specialize in the energy sector.

Encounters with the iframe-injected web pages resulted from either direct browsing to the compromised sites or via seemingly legitimate and innocuous searches. This is consistent with the premise of a watering-hole style attack that deliberately compromises websites likely to draw the intended targets, versus spear phishing or other means to entice the intended targets through illicit means.

Read More »

Tags: , , , , ,