A watering hole, or water hole, is a website with vulnerabilities that hackers take advantage of to plant malware. The idea is that the malware simply lies in wait until someone visits your website, and if that someone is not using protection, he or she will find their computer or smartphone infected with that malware.
When you purchase a new PC, you wouldn’t dream of connecting to the Internet without having an antivirus tool in place. Because it’s fairly common knowledge that the pace of growth and infection of viruses and attacks that affect personal computers is increasing rapidly and they can do serious damage. PC viruses and malware are often looking for personal information, like credit card data, that can be used for criminal and fraudulent activities.
To counteract the PC infection and theft that viruses and malware can cause, anti-virus tools have a sophisticated knowledge base of active threats. And they continuously look out for computers that have out-of-date antivirus software so they can update it automatically to protect PC owners and their computers from new threats as they are discovered.
If you’re like most small business owners, you probably don’t believe that something as small as a piece of malware could threaten your business. After all, what could you possibly have that malware could want? And why would a hacker pick on you when they have so many bigger fish to go after?
Maybe this story will change your mind. A very small, nine-person business in southern California recently announced that it would have to close down suddenly and permanently after a small piece of malware known as a banking Trojan managed to slip on to the computer of one of its employees.
In a recent interview with Barry Moltz on Blog Talk Radio, Neill Feather, President of SiteLock, responds to the growing concern, particularly for small businesses, of website risks and how adding website security can protect online businesses and their reputation.
The fact is that small businesses are increasingly a prime target for cyber crime. Case in point – Neill references a recent study by Verizon that states that 95% of online businesses that are attacked by hackers have fewer than 100 employees. And the number of attacks continues to grow each day.
The Open Web Application Security Project (OWASP) was formed with the goal of supporting the creation, development, acquisition, operation and maintenance of applications that can be trusted by their users.
As more applications are developed online, the threats to attack those applications increase even more rapidly in the form of threat agents. The agents, in this case, are not often the good guys (even though sometimes they are employees or others within your organization). They are any capability, intention or activity that attempts to exploit the company’s assets, frequently its data.