Spear phishing down at the watering hole

We’re all aware that we should protect our details online, but this week news has reached the BBC (other news outlets are available!) about a new kind of “hacking” run by “The Comment Group” from China. How does it work? Well, they email you from what looks like a trusted address (say, someone inside your company). In that email is a link, and because you trust the person sending you the link, you click on it. Of course, all that does is download malware onto your computer, and suddenly they can hack in.

Targeting Enterprise Organisations:

So what’s new about this? Sending fake links in phishing emails is as old as, well, I guess the internet (there is a good history of phishing on Wikipedia). What makes this more sophisticated is that the targets are large companies which are in the process of merging with, buying, or taking over another company, or which are involved in any other major legal action. The emails specifically target those with confidential information on their computers relating to these issues in order to gather this information. This highly targeted method is often referred to as “spear phishing”.

The Watering Hole:

An additional technique used in these attacks is known as the “watering hole”. First, a target is identified and information is gathered on the websites which they regularly use. These websites then become the targets and are loaded with code which redirects the user to a second site, where the malware is installed on their computer.

Spearing the EU:

One particularly high-profile example of this was when the EU was preparing to bail out the Greek economy in summer 2011. Over a ten-day period, the email accounts of 11 high-ranking officials, including those of the EU council president (who was in charge of the details of the bailout), were compromised. As yet it is not clear what was done with the information, but the potential for damage and criminal activity resulting from such a leak is vast.

Check, Check and Check Again:

So, how to stay safe? It’s certainly not always easy (especially in cases like this), but a little common sense goes a long way. In particular we would always recommend that you check the URL that a link in an email is sending you to before you click on it – in most email clients you can do this by just hovering your mouse over the link. Lots more tips on staying safe online here.