Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites
In this paper, we report our first step toward better understanding this emerging threat, through systematically discovering and analyzing new watering hole instances and attack campaigns. This was made possible by a carefully designed methodology, which repeatedly monitors a large number of potential watering hole targets to detect unusual changes that could be indicative of strategic compromises. Running this system on the HTTP traffic generated from visits to 61K websites for over 5 years, we are able to discover and confirm 17 watering holes and 6 campaigns never reported before. Given that so far only 29 watering holes have been reported by blogs and technical reports, our findings contribute to the research on this attack vector by adding 59% more attack instances, and information about how they work, to the public knowledge.
Analyzing the new watering holes allows us to gain a deeper understanding of these attacks, such as repeated compromises of political websites, their long lifetimes, a unique evasion strategy (leveraging other compromised sites to serve attack payloads) and new exploit techniques (no malware delivery, web-only information gathering). Also, our study brings to light interesting new observations, including the discovery of a recent JSONP attack on an NGO website that has been widely reported and apparently forced the attack to stop.
Author(s):
Sumayah Alrwais
Indiana University at Bloomington
United States
Kan Yuan
Indiana University at Bloomington
United States
Eihal Alowaisheq
Indiana University at Bloomington
United States
Xiaojing Liao
Georgia Institute of Technology
United States
Alina Oprea
RSA Labs
United States
Xiaofeng Wang
Indiana University at Bloomington
United States
Zhou Li
RSA Labs
United States