We have seen reports of companies being attacked by hackers. The list of companies being attacked include big tech industries such as Microsoft, Twitter, Facebook, and others. But as we already know, these hackers are not only targeting tech companies, but any big organization which is worth attacking. We have already seen news agencies being attacked, and recently came to know that the Reserve Bank of Australia was also attacked. But according to a new report, there are two more industries which have been attacked.
Along with the 40 already known victims, prominent car manufacturers, government agencies, and a candy company has been cyber attacked. But the names of these companies have not yet been revealed in any report. According to a report on The Security Ledger, people who have access to the information about these attacks have said that at least three third party watering hole websites were used to attack the victims.
A watering hole website is a website of interest to the victim company. So the chances of the computers on the victim’s internet network visiting these websites of interest are very good, and ideally, computers from the victim’s network visit these third party websites many times on a daily basis. So the attackers find out these third party websites and inject a Java Script or an HTML script to these websites. These scripts are written to redirect the visitors to additional malicious codes. So these third party websites will be “waiting” compromise other websites, which are the victims of the attackers. If you want more info, you can visit Symantec.
And with every other report on the attacks, we still are not sure if all these attacks have been done by the same group. And since only three watering holes have been used, there is a pretty good chance that it is only one group. Anyway, if we get more info, we will be reporting it here. And as a precaution, it is better to turn off the Java plugin on your browsers. Mozilla has done this by default in its Firefox browser.