Cisco Warns of Internet Dangers That Are Easily Preventable

A string of recent attacks against oil and gas companies as well as the recent Cryptolocker ransomware incident are examples of current threats that Cisco researchers are now warning about.

While there is a certain amount of focus by security vendors on zero-day threats that have not yet been patched, networking giant Cisco Systems doesn't want people to forget about the need for good Internet hygiene to protect against all the other types of online threats.

In a press briefing today, Craig Williams, technical leader of Threat Research Analysis & Communications (TRAC) at Cisco, talked about three recent sets of attacks, all of which could have been prevented if the victims had properly followed a few simple Internet security best practices.

One of the attacks, known as a "watering hole" attack, targeted oil and gas companies. In a watering hole attack, a commonly visited Website (the watering hole) is infected with some form of malware, which is then distributed to all subsequent visitors to the site.

Cisco TRAC discovered 10 Websites in the oil and gas sector that had become watering hole sites. Williams did not specifically identify all 10 sites, though he did note that they include a large firm with operations in Africa, Morocco and Brazil; a natural gas power station in the U.K.; and a gas distributor in France.

From a technical perspective, the watering hole attack involved the placement of a snippet of malicious JavaScript code that points to a malicious domain. The malicious page includes an exploit inject by way of an iframe that could enable the attacker to infect a user by browser. An iframe is an embedded element within a Website, Williams said.

In the oil and gas industry attack, Cisco TRAC found that three publicly reported vulnerabilities were to blame as the root cause of the infections. The vulnerabilities included CVE 2012-1723, which is a Java exploit, as well as the Microsoft IE 8 CVE 2013-1347 exploit and the Firefox CVE 2013-1690 exploit. Williams said all three of the vulnerabilities have already been patched by the affected software vendors with updates that are generally available for organizations and end users to deploy.

"There is no reason why these boxes should have been vulnerable except for the fact that they weren't following best practices," he said.

The oil and gas vendors, or anyone else for that matter, could have protected themselves from the watering hole attack with patching vigilance, Williams said. He recommends that users and organizations keep all servers up-to-date with the latest patches. It's also important to update all plug-ins for Web browsers, especially Java—an oft-targeted technology that is frequently updated.

Network security solutions, including antivirus and intrusion prevention systems (IPSes), can further reduce the risk, Williams said.

Another type of attack that good hygiene could easily prevent is the Cryptolocker ransomware attack, Williams added. The way Cryptolocker works is it infects user desktops and then encrypts data. The only way users get access back to their data is if they pay the ransom (hence the term "ransomware") to the hackers.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.