Businesses Beware of Internet Hoaxes' Secondary Effects

It is no surprise the Internet can be used to propagate misleading news, but secondary cybersecurity risks can outweigh malicious misinformation campaigns. Case in point: Intel was recently targeted in an attack using false information in an official-looking press release. The hoax leveraged a web address similar to the official corporate site and even had someone answering the listed phone number, trying to convince callers of its legitimacy. With a touch of irony, the contact name was “Nick Veritas” (“Veritas” translates to truth in Latin). The story of the deception gained widespread visibility.

Overall, the attack was not technically complex. However, it is a novel example of how secondary risks can exceed what might appear to be the primary goal. A bit of subterfuge is at play, as I believe this is a brilliant twist on a waterhole attack.

Consider the aspects. This is a directed attack against a specific company. The message was crafted to be plausible and meaningful enough to gain sufficient visibility to be carried by major media outlets. It is obvious the misinformation ruse would not last long, given how easily it can be validated, but ultimately that does not really matter. What is important is the draw it has on employees of the target, who want to visit the fake site. Owning the site, the attacker can easily embed malware into the page and cross-reference visitors’ Internet Protocol (IP) address ranges to see which belong to the targeted employees. Using curiosity to have intended victims visit a known malicious site to infect their systems is new.

I have to give credit: it is an innovative derivative of ‘waterhole’ attacks. That said, this method of compromise is easily countered if companies educate their employees in such matters and have them make good decisions when choosing what to click on the Internet, especially from work systems and networks. Rapid analysis of the site can determine the type of payloads being propagated, which will help with detection and cleaning of malware. Blocking the site at the network perimeter is also a good practice to reduce the potential number of victims. The best defense, as is true with most web-based threats, is a well-informed and security-savvy workforce.
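To support the detection and cleanup step, the sketch below (an added example, not part of the original post) scans web proxy logs for hosts that imitate the corporate domain and lists which internal clients visited them, so those systems can be checked and the hosts blocked. The domain `examplecorp.test`, the log format, and all log lines are constructed assumptions.

```python
import re
from collections import defaultdict

OFFICIAL = "examplecorp.test"  # assumption: placeholder for the real corporate domain

# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url>"
SAMPLE_LOG = """\
2015-01-05T09:12:01Z 10.1.4.22 GET http://www.examplecorp.test/newsroom
2015-01-05T09:13:40Z 10.1.4.37 GET http://www.examp1ecorp.test/press-release
2015-01-05T09:14:02Z 10.1.7.90 GET http://examplecorp.test.press-news.example/pr
2015-01-05T09:15:11Z 10.1.4.37 GET http://www.examp1ecorp.test/contact
2015-01-05T09:16:45Z 10.1.9.13 GET http://news.example.org/story
"""

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host, official=OFFICIAL, max_dist=2):
    host = host.lower().rstrip(".")
    if host == official or host.endswith("." + official):
        return False  # the genuine domain or one of its subdomains
    if official in host:
        return True   # official name embedded inside a foreign domain
    # Simplification: treat the last two labels as the registered domain.
    tail = ".".join(host.split(".")[-2:])
    return edit_distance(tail, official) <= max_dist

def visitors_of_lookalikes(log_text):
    """Map each lookalike host to the sorted internal client IPs that requested it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = re.match(r"\S+ (\S+) \S+ https?://([^/:\s]+)", line)
        if m and is_lookalike(m.group(2)):
            hits[m.group(2).lower()].add(m.group(1))
    return {host: sorted(ips) for host, ips in hits.items()}
```

The returned host list feeds the perimeter block, and the client IPs identify the systems to examine for the payloads found during site analysis.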

Twitter:  @Matt_Rosenquist   

IT Peer Network: My Previous Posts


My Blog:  Information Security Strategy

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.