Oil and Energy Companies Targeted with Watering Hole Assaults, finds Cisco

Security researchers at Cisco recently spotted a watering-hole attack targeting various organizations in the oil and energy industry. The investigators found a number of compromised websites, some of which redirected visitors while the rest hosted and delivered malware.

The affected companies included an oil and natural gas exploration firm doing business in various African countries, particularly Morocco, and Brazil; a UK-based gas power plant; a hydroelectric plant serving Czechoslovakia and Bulgaria; and a gas supplier in France.

Other targets were a distributor serving the aerospace, energy and nuclear industries, along with capital and investment firms dealing in the energy industry.

A detailed study of the hijacked websites showed that malicious iFrames had been inserted into them. Six of the websites shared a common server, and three of those were owned by the same company.

According to Emmanuel Tacheau, Researcher at Cisco, people landed on the iFrame-injected sites either by accessing the hijacked websites directly or by following apparently legitimate and harmless search results. Tripwire.com published this on September 19, 2013.

Tacheau further notes that the activity matches a watering-hole attack, in which websites are deliberately hijacked to trap the desired targets, as opposed to spear phishing or other methods of luring the desired targets through illegitimate means.

Cisco notes that the iFrame-injected hijacked websites that served malware and/or attack code are: nahoonservices[.]com, kenzhebek[.]com and keeleux[.]com.
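For site owners checking their own pages, the sketch below flags iframes whose source host is one of the hosts listed above. It is an added example, not code from Cisco or the article, and it assumes the injected iframes point at those hosts; the function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts the article lists as serving malware or attack code (defanged as on the page).
LISTED_HOSTS = ["nahoonservices[.]com", "kenzhebek[.]com", "keeleux[.]com"]


def refang(indicator):
    """Turn a defanged indicator (example[.]com) back into a plain hostname."""
    return indicator.replace("[.]", ".").lower()


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def flagged_iframes(html, indicators=LISTED_HOSTS):
    """Return iframe src values whose host is a listed host or a subdomain of one."""
    bad = [refang(i) for i in indicators]
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        # urlsplit handles protocol-relative URLs (//host/path) and lowercases hostname.
        host = urlsplit(src).hostname or ""
        if any(host == b or host.endswith("." + b) for b in bad):
            hits.append(src)
    return hits


# Constructed sample page: one benign frame, one hidden frame on a listed host,
# and a plain-text mention that must not be flagged.
LISTED = refang(LISTED_HOSTS[2])
SAMPLE = (
    '<html><body><iframe src="https://maps.example.org/embed"></iframe>'
    '<IFRAME width="1" height="1" style="visibility:hidden" src="//cdn.' + LISTED + '/x/"></IFRAME>'
    "<p>" + LISTED + " mentioned in text only</p></body></html>"
)

if __name__ == "__main__":
    for src in flagged_iframes(SAMPLE):
        print("iframe points at listed host:", src)
```

Matching on the parsed hostname rather than on a substring avoids flagging look-alike names or plain-text mentions of the host.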

In particular, the attack code exploited either a Java security flaw, CVE-2012-1723, or an IE 8 vulnerability, CVE-2013-1347. Another attack code exploited a Firefox vulnerability, CVE-2013-1690.

In addition, according to Cisco, the malware served is a Trojan that captured keyboard and clipboard data as well as system configuration. It also established an encrypted connection with a command-and-control (C&C) web server located in Greece. The security company notes that every compromised website had been notified so that the majority could be cleaned.

In conclusion, Tacheau says end-users can stay protected from the current attacks if they keep their computers and browsers fully updated with security patches, thereby limiting exploitable vulnerabilities.

» SPAMfighter News - 9/28/2013
