Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Government Agencies, Utilities Among Targets of ‘VOHO’ Cyber-Spy Attacks

    By
    ROBERT LEMOS
    -
    September 27, 2012
    Share
    Facebook
    Twitter
    Linkedin

      The computer systems of nearly 1,000 companies, government agencies and nonprofit organizations were compromised in a cyber-espionage operation that used semi-targeted attacks—known as waterhole attacks—to infect systems within certain industries, such as international finance, utilities, defense and government contractors, security firm RSA stated in a report released on Sept. 26.

      The campaign, dubbed VOHO by RSA, compromised Websites whose audiences lived in specific regions—near Boston and Washington, D.C., or whose audiences sought out specific types of information, such as political activism, defense or education. In an analysis of the attacks, security giant RSA found that more than 32,000 systems were redirected from compromised Web servers and, of those systems, 12 percent were infected with the malicious software.

      Such an attack strategy is known as a “waterhole” operation. Attackers identify Websites that their intended targets are likely to visit and then compromise those sites with code designed to redirect visitors to another server that attempts to infect the victim’s computer.

      “They are casting a wide net in hopes that by doing so, they are going to impact a number of entities, but most importantly, the targets have relevance to what they are looking for,” said Will Gragido, advanced threat intelligence lead for the FirstWatch team at RSA.

      The attacks installed a remote access Trojan, known as Gh0st RAT, previously identified in cyber-espionage attacks against religious and political organizations and technology companies. In the case of the latest operation, the remote-access Trojan was installed by what appeared to be an update for Microsoft or Symantec software, the report stated.

      Drive-by attacks typically have a 5 to 10 percent success rate, so the 12 percent infection rate is high, Gragido said. There are a number of factors that could be responsible for the higher infection rate. Victims that trust the compromised Website or service may be more likely to take risky actions that could get their systems infected, he said. In addition, exploit kits that use exploits for vulnerabilities in Java typically have better success rates than those that use older vulnerabilities. About half the exploits used in the VOHO attack targeted Java, according to RSA data.

      The attacks compromised a large number of companies, mainly in the financial, health care, and utilities sectors. A large number of local and federal government agencies were also impacted. While RSA did not find traces of the information stolen from the organizations, the collection of targets suggest that the attack may be nation-state related, Gragido said.

      “Based on our research, we were not able to establish what they were after in respect to the targets,” he said. “One could, however, say that—based on the targets of interest—it was a cyber-espionage operation.”

      The compromised computers communicated with command-and-control servers in Hong Kong, RSA said.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×