On Sunday 12 Feb, security firm Symantec released an analysis of a new wave of attacks that has been underway since at least October 2016 and came to light when a bank in Poland discovered previously unknown malware running on a number of its computers.
The bank then shared indicators of compromise (IOCs) with other institutions, a number of which confirmed that they too had been compromised.
These watering hole attacks attempted to infect more than 100 organizations in 31 different countries.
Symantec has blocked attempts to infect customers in Poland, Mexico and Uruguay by the same exploit kit that infected the Polish banks. Since October, 14 attacks against computers in Mexico were blocked, 11 against computers in Uruguay, and two against computers in Poland.
Preliminary investigation suggested that the starting point for the Polish infection could have been located on the web server of the Polish financial sector regulatory body, the Polish Financial Supervision Authority. Ilia Kolochenko, CEO at High-Tech Bridge, commented below.
Ilia Kolochenko, CEO at High-Tech Bridge:
“We should expect that cybercriminals will find more creative and reliable ways to compromise their victims. Trustworthy websites, such as governmental ones, represent great value for cybercriminals, even if they don’t host any sensitive or confidential data.
In the past, hackers used one-off or garbage websites to host malware, but as corporate users become more educated and vigilant, attackers need to find more reliable avenues to deliver malware and enter corporate networks.
That’s why Gartner, and other independent research companies, continuously say that the risk of corporate web applications is very high and seriously underestimated. Spear phishing and watering hole attacks against high-profile websites will significantly grow in the near future.”