Top

Published in:

2021 | OriginalPaper | Chapter

The New Office Threat: A Simulation of Watering Hole Cyberattacks

Authors : Braeden Bowen, Jeremy Eraybar, Iyanuoluwa Odebode, Douglas D. Hodson, Michael R. Grimaila

Published in: Advances in Parallel & Distributed Processing, and Applications

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The focus of this paper is to develop a DEVS-style simulation model to manipulate common variables in an advanced persistent threat (APT)-style watering hole attack, a style of attack that targets an organization or target group by infecting a commonly used website or service. A simulation of the environment exposed to this specific attack was developed through Python, carrying variables of target group size, number of trusted sites, and duration of attack before discovery. Analysis of simulation averages suggest that the size of the target group and the duration of the attack are the most important factors in the spread of the malware, though for each category the returns on speed of infection diminish as the size and time of the overall control groups increase.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter CovidLock Attack Simulation

next chapter Simulation of SYN Flood Attack and Counter-Attack Methods Using Average Connection Times

G. Gordon, A general purpose systems simulator. IBM Syst. J. 1(1), 18–32 (1962)CrossRef

R. Grimes, Watch out for waterhole attacks—hackers’ latest stealth weapon, 2013. [Online]. Available: https://www.csoonline.com/article/2614643. Accessed 15 June 2021

K.A. Ismail, M.M. Singh, N. Mustaffa, P. Keikhosrokiani, Z. Zulkefli, Security strategies for hindering watering hole cyber crime attack. Proc. Comput. Sci. 124, 656–663 (2017)CrossRef

N. Krithika, A study on wha (watering hole attack)–the most dangerous threat to the organisation. Int. J. Innov. Sci. Eng. Res. 4(8), 196–198 (2017)

O. Kupreev, E. Badovskaya, A. Gutnikov, Ddos attacks in q1 2019 (2019)

M. Mimoso, Council on foreign relations website hit by watering hole attack, ie zero-day exploit, December 2012. [Online]. Available: https://threatpost.com/council-foreign-relations-website-hit-watering-hole-attack-ie-zero-day-exploit-122912/77352/. Accessed 15 June 2021

R. Olivarez, Watering hole attacks: Tips on outsmarting the hackers. May 6, 2014. [Online]. Available: https://wp.nyu.edu/connect/2014/05/06/watering-hole-attacks/. Accessed 15 June 2021

M. Bacon M. Rouse, Watering hole attack; Wikipedia. [Online]. Available: https://en.wikipedia.org/wiki/Watering_hole_attack. Accessed 15 June 2021

G.V. Umoh, N.P. Paul, The adverse effect of watering hole attack in distributed systems and the preventive measures. International Journal of Computer Trends and Technology (IJCTT) 23(4), 162–165 (2015)

10.

Y. Van Tendeloo, H. Vangheluwe, An overview of pythonpdevs. JDF 2016-Les Journées DEVS Francophones-Théorie et Applications, pp. 59–66 (2016)

11.

Y. Van Tendeloo, H. Vangheluwe, An evaluation of devs simulation tools. Simulation 93(2), 103–121 (2017)CrossRef

12.

B.P. Zeigler, A. Muzy, From discrete event simulation to discrete event specified systems (devs). IFAC-PapersOnLine 50(1), 3039–3044 (2017)CrossRef

13.

B.P. Zeigler, J.J. Nutaro, Towards a framework for more robust validation and verification of simulation models for systems of systems. J. Def. Model. Simul. 13(1), 3–16 (2016)CrossRef

14.

B.P. Zeigler, T.G. Kim, H. Praehofer, Theory of Modeling and Simulation (Academic Press, 2000)

Title: The New Office Threat: A Simulation of Watering Hole Cyberattacks
Authors: Braeden Bowen
Jeremy Eraybar
Iyanuoluwa Odebode
Douglas D. Hodson
Michael R. Grimaila
Publisher: Springer International Publishing
Book: Advances in Parallel & Distributed Processing, and Applications
Print ISBN: 978-3-030-69983-3

Electronic ISBN: 978-3-030-69984-0

Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-69984-0_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"