Instead of attacking the desired victims directly, the hacker profiles the individuals or companies, finding out what websites they frequent. The attacker scans those sites for vulnerabilities. Having found one or more whose defenses can be penetrated, the attacker injects code at those sites that causes the victim’s computer to automatically redirect to a separate site. The site to which the victim is diverted hosts a zero-day exploit that is lying in wait—like a lion at a watering hole—to give the attacker access to the victim’s computer so he or she can install more malware, steal data, or monitor the victim’s activities.
No comments:
Post a Comment