How to defend against waterholes
Watering-hole exploits can turn up on popular websites, or even on poisoned Wi-Fi hotspots located near your company. How do you defend against a threat that isn't inside your network and whose assets you don't control?
Start by making your users — especially those with access to critical infrastructure and data — aware of waterhole attacks. They are the prime targets. Just as we had to make people aware that their favorite website might serve up fake antivirus software, so too must we now warn them about waterhole attacks.
Education is a start, but you also need detection and prevention controls. Begin by identifying the 100 or so websites most visited by the employees responsible for your critical infrastructure. Some will see this as an invasion of privacy, but it need not be: aggregate the destination hosts from your proxy or DNS logs for that group and discard the user identities. You need to know which sites matter, not who visits them.
Then inspect those sites for malicious code on an ongoing basis, for example by watching for newly injected third-party scripts or iframes that were not there in earlier snapshots. If your monitoring detects malicious content, block that content (and consider warning the user). If the site keeps serving malicious links, block the site outright. If employees need the site for their work, contact its administrators and let them know they have a malware problem.
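The two steps above (aggregating the group's top sites without tying them to individuals, then checking each site for injected content) can be put into a small tool. The script below is an added example, not code from the article; the proxy log lines, the HTML snapshots, the group membership and the baseline of known third-party hosts are all constructed for illustration. It flags two common watering-hole indicators: active content loaded from a host not seen on earlier clean snapshots, and iframes sized to zero or styled invisible.

```python
"""Added example (not from the original article): build the privileged
group's most-visited sites from constructed proxy log lines without
retaining who visited what, then audit a snapshot of one of those sites
for third-party script/iframe hosts that are not in its baseline and for
hidden iframes.  Every log line, page and host below is constructed."""
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed proxy log lines in the form "<user> <method> <url>".
PROXY_LOG = """\
alice GET https://news.example.com/index.html
bob GET https://news.example.com/world
alice GET https://forum.example.org/thread/42
carol GET https://news.example.com/tech
bob GET https://forum.example.org/
carol GET https://weather.example.net/
dave GET https://shop.example.com/
"""

# Hypothetical group of users who administer critical systems.
CRITICAL_GROUP = {"alice", "bob", "carol"}


def top_sites(log, group, n=100):
    """Return [(host, hits), ...] for the hosts the group visits most.

    The user name is used only for the membership test; what is kept is
    a per-host counter, so the result cannot be tied to an individual.
    """
    counts = Counter()
    for line in log.splitlines():
        user, _method, url = line.split(maxsplit=2)
        if user in group:
            counts[urlsplit(url).hostname] += 1
    return counts.most_common(n)


class _ResourceScan(HTMLParser):
    """Collect hosts serving active content and note hidden iframes."""

    SRC_ATTR = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.external = set()      # third-party hosts serving active content
        self.hidden_frames = []    # iframe URLs sized 0 or styled invisible

    def _is_same_site(self, host):
        return host == self.page_host or host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attrs):
        attr_name = self.SRC_ATTR.get(tag)
        if attr_name is None:
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get(attr_name, "")
        host = (urlsplit(src).hostname or "").lower()   # relative URLs give ""
        if host and not self._is_same_site(host):
            self.external.add(host)
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            if (a.get("width") == "0" or a.get("height") == "0"
                    or "display:none" in style or "visibility:hidden" in style):
                self.hidden_frames.append(src)


def audit(page_host, html, baseline_hosts):
    """Compare one snapshot of a watched site against its known third parties.

    baseline_hosts: third-party hosts seen on earlier clean snapshots.
    Any new host or hidden iframe is worth a block-and-investigate decision.
    """
    scan = _ResourceScan(page_host)
    scan.feed(html)
    return {"new_hosts": scan.external - set(baseline_hosts),
            "hidden_frames": scan.hidden_frames}


# Constructed snapshots of news.example.com: a clean baseline and a later
# one where an attacker appended a zero-size iframe pointing at a TEST-NET
# address.
BASELINE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/jquery.min.js"></script>
</head><body><h1>News</h1></body></html>"""

TODAY_HTML = BASELINE_HTML.replace(
    "</body>",
    '<iframe src="http://203.0.113.7/in.php" width="0" height="0"></iframe></body>')

if __name__ == "__main__":
    watched = [host for host, _ in top_sites(PROXY_LOG, CRITICAL_GROUP)]
    baseline = {"news.example.com": {"cdn.example.net"}}
    for host in watched:
        if host in baseline:
            print(host, audit(host, TODAY_HTML, baseline[host]))
```

In practice the snapshots would come from a scheduled fetch of each watched site through the same proxy your users use, and a finding would feed the block rule for that content or site. The baseline should be rebuilt only after a human has confirmed a new third-party host is legitimate; otherwise the first alert silently becomes the new normal.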
We all have our favorite watering holes. Unfortunately, it's up to us to be the bouncer if the owner isn't handling the job.