Monkey See... Monkey Do

In this month’s trending, readers of this site may have noticed DDoS being used to prevent democracy in Zimbabwe. It goes to show that it is not the direct attack that you must be concerned with but also your critical supporting systems or in this case ISPs.


Also in this months reporting, the continued trend of Monkey-see, monkey-do seems to be in play for Automobile manufacturers.
The industry continues to see overseas websites targeted in defacing type attacks.

Similarly, Law Enforcement Community portals gathered a bit of the same unwanted attention with the latest at time of this post occurring

News organizations continue to see social media based attacks even with the new two factor authentication twitter recently introduced.
Trending continues to show watering hole based attacks as a growing concern.

These types of attacks use an indirect attack method by getting a victim to browse a site that has been compromised and is used to run malicious software against the victim. Clients normally protected by an enterprises infrastructure are subject to attack through business partner portals, vendor sites, and even unsecured wifi hotspots at the local coffee shop they frequent. Defense is reduced to user awareness and the effectiveness of virus signatures on the users PC. (Assuming a zero-day is not used) Plugging this newly infected box back into the enterprise now introduces a foothold for the would-be attacker effectively bypassing direct filtering and leading to a bad day at the office.

One has to wonder with all the money being spent on front door protection mechanisms (Enterprise filtering software), why more importance is not placed on virtualized machines that are used to browse the unfriendly web.