What Does Watering Hole Attack Mean?
A watering hole attack is a malware attack in which the attacker observes the websites often visited by a victim or a particular group, and infects those sites with malware. A watering hole attack has the potential to infect the members of the targeted victim group. Although uncommon, a watering hole attack does pose a significant threat to websites, as these attacks are difficult to diagnose.
Techopedia Explains Watering Hole Attack
Legitimate or popular websites of high-profile companies are usually the focus of watering hole attacks. In most cases, an attacker lurks on legitimate websites that are frequently visited by their targeted prey. The targeted prey are most commonly employees of government offices, large organizations or similar entities. The attacker then focuses on infecting these websites with malware and making the target more vulnerable. The attacker looks into the vulnerabilities associated with the websites and injects malicious programming code, often in JavaScript or HTML. The code redirects the targeted groups to a different site where the malware or malvertisements are present. The malware is then ready to infect machines when they access the compromised website.
Most users unknowingly provide tracking information while browsing. This tracking information reveals the behavioral web patterns of the targeted victim groups. It also indirectly provides attackers with information about the browsing, cloud services access and security policies of the organizations.
One way to defend against watering hole attacks is to educate users about such attacks. Effective detection and prevention techniques need to be used. Websites should be inspected regularly for malicious code.
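The regular inspection recommended above can be partly automated. As an added example (not from the original article), this Python script lists every host a page loads scripts or frames from, or redirects to through a meta refresh, and reports those missing from an approved baseline; the function names, hostnames and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser load active content from another place.
LOADERS = {"script": "src", "iframe": "src", "frame": "src", "embed": "src", "object": "data"}

class ExternalLoadAudit(HTMLParser):
    """Collect the hosts a page would load active content from or redirect to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (tag, host) pairs in document order

    def _record(self, tag, url):
        # Resolve relative and protocol-relative URLs against the page's own URL.
        host = urlsplit(urljoin(self.page_url, url.strip())).hostname
        if host:
            self.found.append((tag, host))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = LOADERS.get(tag)
        if attr and attrs.get(attr):
            self._record(tag, attrs[attr])
        # <meta http-equiv="refresh" content="0; url=..."> redirects without any script.
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            _, _, target = (attrs.get("content") or "").partition(";")
            key, _, url = target.strip().partition("=")
            if key.strip().lower() == "url" and url:
                self._record("meta-refresh", url.strip("'\" "))

def unexpected_hosts(html, page_url, allowed_hosts):
    """Return sorted (tag, host) pairs whose host is not in the approved baseline."""
    audit = ExternalLoadAudit(page_url)
    audit.feed(html)
    return sorted({(t, h) for t, h in audit.found if h not in allowed_hosts})

# Constructed sample: a page with its own script, one approved CDN script,
# and two elements pointing at hosts outside the baseline.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="//stats.injected.example/t.js"></script>
</head><body><iframe src="https://landing.injected.example/" width="0" height="0"></iframe>
</body></html>"""
ALLOWED = {"www.example.com", "cdn.example.org"}  # hypothetical approved baseline

if __name__ == "__main__":
    for tag, host in unexpected_hosts(SAMPLE, "https://www.example.com/", ALLOWED):
        print(f"unexpected {tag} load from {host}")
```

This check covers static markup only; code appended to an already approved script file has to be caught by comparing file hashes against a known-good copy.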