Following the news last week that the Dalai Lama’s Chinese website was hacked and infected, Websense Security Labs have detected further attacks against pro-Tibetan websites.
Specifically, a ‘waterhole’ attack against the Tibetan Alliance of Chicago has been discovered. Waterholing attacks are those which target users of specific websites with the aim of installing malware on their systems – usually using a backdoor approach – to collect documents, email contacts, social contacts, and passwords.
Elad Sherf, senior security researcher at IT security firm Websense, said: "This is yet another example that attacks are truly global. The waterhole attack was on a website in Chicago with an audience of Tibet nationals. The exploit website is located in the UK and the malware command and control point uses a German security vendor's Dynamic DNS service that leads back to the UK.
"In this case, the attack isn’t that complex when compared to attacks such as Stuxnet or Duqu but probably just enough to fulfil its ultimate purpose. Organisations require real-time layered security defences that have the ability to detect the attack and ‘kill’ its sequence of operation at any of its stages: from the waterhole website and the delivered exploits, to the installed malware program and the command and control point it connects to."