ZeroGov

water holing
attacks

A water holing attack is a type of targeted cyber attack that uses malware to infect a computer system or server by taking advantage of vulnerabilities in publicly accessible web applications. Once the system is infected, the attacker can gain access to sensitive information, such as customer data, financial information, or trade secrets.

Watering hole attacks are difficult to detect because the attacker’s goal is to infect a specific population of users rather than a large number of victims. The attacker will choose a web application that is frequented by the target population and infect it with malware. When users visit the infected website, their computers will be infected with the malware.

Watering hole attacks are difficult to defend against because it is not always possible to identify the vulnerable web applications before the attack takes place. However, there are some steps that organizations can take to reduce the risk of being targeted by a watering hole attack, such as keeping their software up to date, using web application firewalls, and implementing strong authentication measures..Resource

phishing

In computing, phishing is the fraudulent attempt to obtain sensitive information such as username, password and credit card details by disguising oneself as a trustworthy entity in an electronic communication. The word is a neologism coined as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim.

Phishing emails are typically created by attackers who study an organization and then craft an email that appears to come from a legitimate source within the organization, such as IT or HR. The email usually contains a link to a spoofed website that looks like a legitimate login page. When the user enters their credentials on the website, the attacker now has their information.

Attackers may also attach malicious files to phishing emails, which, if opened, can install malware on the victim’s computer. This malware can then be used to gain access to the victim’s email account, social media accounts, and even bank accounts.

Phishing attacks are becoming more sophisticated and difficult to detect. Here are some tips to help you protect yourself from phishing attacks:

1. Be suspicious of unsolicited emails, even if they appear to come from a trusted source. If you weren’t expecting an email from the sender, be wary of any attachments or links included in the message.

2. Hover your mouse over any links in the email to see where they’re really taking you. If the link seems suspicious, don’t click on it.

3. Never enter your username, password, or credit card details into a website that you’re not 100% sure is legitimate.

4. Keep your antivirus software up to date and run regular scans of your computer.

5. Be cautious of any emails that create a sense of urgency or require you to take immediate action.

If you think you may have been the victim of a phishing attack, change your passwords immediately and run a virus scan on your computer. You should also contact your bank or credit card company to let them know about the incident.

Visit malwarezero.org to learn more about most dangerous computer virus in the world. Disclaimer: We used this website as a reference for this blog post.