Following the news last week that the Dalai Lama's Chinese website was hacked and infected, the Websense Security Labs have detected further attacks against pro-Tibetan websites.
In a new blog post, the Websense Security Labs team detail how they discovered a ‘waterhole’ attack against the Tibetan Alliance of Chicago. Waterhole attacks target the users of specific websites, with the aim of installing malware on their systems (usually a backdoor) to collect documents, email contacts, social contacts, and passwords.
Comment by Elad Sherf, Senior Security Researcher, IT security, Websense:
“This is yet another example that attacks are truly global. The waterhole attack was on a website in Chicago with an audience of Tibet nationals. The exploit website is located in the UK and the malware command and control point uses a German security vendor's Dynamic DNS service that leads back to the UK.
In this case, the attack isn't that complex when compared to attacks such as Stuxnet or Duqu but probably just enough to fulfil its ultimate purpose. Organizations require real-time layered security defences that have the ability to detect the attack and “kill” its sequence of operation at any of its stages: from the waterhole website and the delivered exploits, to the installed malware program and the command and control point it connects to.”