Cloud-native watering hole attack: Simple and potentially devastating
In this era of increasing technological complexity, watering hole attacks build on a model of simplicity. Just like predatory animals that hover near sources of water favored by their prey, attackers systematically infect websites likely to be visited by their targets. The law of probability suggests that a member of the target group frequenting the site will eventually become infected and expose exploitable vulnerabilities in the target’s network. The strategy is simple, subtle and potentially devastating.
The perpetrators are as diverse as their targets – fraudsters looking to steal identities, cybercriminal gangs in pursuit of quick profits, nation-state-backed attackers seeking access to larger networks – but the goal is typically the same: gain access to the victim’s place of employment, which likely contains valuable data. And, as cloud technologies become more varied and omnipresent and as cloud stacks become increasingly modular and layered, we’re going to see a higher rate of full-on attacks.
That’s particularly true of the supply chain. As cloud components (think containers, Kubernetes distributions, service mesh, serverless, container registries, etc.) continue to get democratized, there’s going to be a fresh supply of vendors filling the demand for components, consulting, and so on. That supply clearly meets a critical need, but it also opens up potential security compromises, including the risk of cloud-native watering hole attacks.