Dekeneas is an AI-powered early detection system aimed at identifying watering hole attacks in online environments, assisted by powerful code instrumentation and analysis.
WHERE are the watering holes?
A watering hole attack is a complex attack vector targeting specific groups of users, by infecting legitimate but vulnerable websites which the targeted audience visits on a regular basis. Usually the infected websites can be regarded as a company's external resource or a common denominator for its employees.
For example, a mobile app development forum would be a perfect spot for a watering hole attack targeting smartphone manufacturers' employees. Niche conference or event websites are other very good examples, their temporary nature making them prime candidates for structural vulnerabilities.
WHEN to look out for predators?
While the blame for successful phishing attempts is usually hastily placed on the user for interacting with unsolicited e-mail, in a watering hole attack all the user has to do is access a legitimate website that they might even be browsing on a regular basis for work-related research, information or collaboration. Nothing out of the ordinary needs to happen.
Such attacks usually result in the total compromise of a user’s computer or device. Since the rise in popularity of cryptocurrencies, victims that are deemed of lesser importance, or are no longer useful to the attacker's specific goal, are turned into stealth cryptocurrency mining bots.
WHO got snared at the watering hole?
To date, not only has big tech (Facebook, Apple, Twitter and Microsoft) fallen victim to watering hole attacks, but so have banks, fintech companies, defense industry contractors, intelligence operatives, activist groups, investigative journalists and government resources all over the world.
During our forensic post-incident work, we identified that 70% of high profile data breaches have resulted from watering hole attacks.
WHY is early detection the only protection?
In 99% of cases the user is totally unaware and unsuspecting of the breach, as the exploitation is happening covertly, using sophisticated and obscure vulnerabilities with no direct evidence of the attack.
Hackers employ ubiquitous, cross-platform zero-day exploits in their attacks, which makes this threat especially damaging and very difficult to diagnose post-factum.
Most documented cases have been found by mere coincidence; it is therefore safe to assume that watering hole attacks are not rare, but are rarely discovered.