WhatsApp Rolls-Out Emojis and Sharing of Files Over 2GB
Following last month’s announcement, Meta’s WhatsApp is rolling-out emojis and the ability to share files within WhatsApp up to 2GB in size.
In this tech insight, we look at what a watering hole attack is, some examples of such attacks, and how businesses can defend against this threat.
A watering hole attack is a targeted, ‘supply chain,’ cyber-attack strategy, similar to spear phishing. With this strategy, the attacker identifies a website that’s frequented by users of a targeted organisation, or entire sector. The attacker then infects the website(s) with malware and identifies weaknesses in the main target’s cyber-security. The attacker then manipulates the ‘watering hole’ site to deliver that malware, such as a Remote Access Trojan (RAT), so that it can exploit these weaknesses.
When a member of the target organisation’s device becomes infected (like drinking from a poisoned watering hole, hence the name) in a way that the target will not notice (also known as ‘drive by’), the attacker can then gain access to the infected device. This can, in turn, enable the attacker to access the target organisation’s network
The goal(s) of this strategy, as with other strategies is/are to steal personal information, banking details, and intellectual property, and/or to conduct espionage. Also, it can enable the attacker to access corporate systems and assets, and potentially gain further details for even more cyber-attacks.
Examples of watering hole attacks include:
Ways that you can protect your business from watering hole attacks include:
This is broadly a supply-chain related attack (web resources) where instead of actively hacking or sending phishing emails, the criminals set traps for unsuspecting victims to walk into. In this respect, it is less obvious for businesses to spot. The first step is recognising and raising awareness of the threat. Following normal security good practice is always helpful plus some additional measures in this case such as identifying, regularly inspecting and monitoring websites that are most visited by employees and focusing on what additional malware protection can be added to employees’ browsers and devices. With an increasing number of more complex and inventive attack methods, many businesses are shifting to a complete ‘Zero Trust’ approach for their IT security. A more a data-centred rather than ‘moat and castle’ view of IT security gives companies greater holistic control and reduces the potential for the kind of gaps that cyber criminals can exploit with strategies like watering hole attacks.
Following last month’s announcement, Meta’s WhatsApp is rolling-out emojis and the ability to share files within WhatsApp up to 2GB in size.
Apple, Google and Microsoft have announced that they are joining forces to support a common passwordless sign-in standard that will allow websites and apps to offer consistent, secure and easy sign-ins across devices and platforms.
In this article, we look at the legal issues around recording calls on your mobile, and the different methods for doing so.