Targeted spear-phishing attacks are going after not just individuals but entire websites that function as "watering holes" for groups of people with focused interests, according to security company Websense.
Spear-phishing is most associated with targeted attacks, typically via malware-loaded email, intended to take over an individual's computer to spy or steal something important from the victim. But a more recent trend in spear-phishing is the targeting of entire websites in order to have a crack at a community of individuals whose computers you'd like to compromise, says Chris Astacio, security research manager at Websense.
In this "watering hole" attack, the goal is to compromise a website to understand who visits it and why, and place malware on it to try and target these visitors, Astacio says. For the attackers, "the idea is that they lie in wait," he says, watching what individuals do in order to target them.
Websense says it believes examples of known "watering hole" attacks now include the Institute for National Security Studies website in Israel which in May was discovered to be injected with malicious code. Around the same time, the Amnesty International UK website was compromised with a remote-access Trojan, and in August the Nepalese government websites were compromised with a similar type of Trojan.
These kind of "watering hole" incidents "may be a way for nation-states to garner additional information from a select audience without having to know the contact information or specific lure likely to compromise a target," Websense says in its notes. "This could be considered reconnaissance leading to more specific targeting and a more traditional spear-phishing attempt."
Traditional spear-phishing attacks have become commonplace and are regarded as the first step in serious financial crime or business and government espionage. The White House, for instance, just this month acknowledged a spear-phishing attack may have come from Chinese hackers.