Watering Hole Attack

Definition - What does Watering Hole Attack mean?

A watering hole attack is a malware attack in which the attacker observes the websites often visited by a victim or a particular group, and infects those sites with malware. A watering hole attack has the potential to infect the members of the targeted victim group. Although uncommon, a watering hole attack does pose a significant threat to websites, as these attacks are difficult to diagnose.

Techopedia explains Watering Hole Attack

Legitimate or popular websites of high-profile companies are usually the focus of watering hole attacks. In most cases, an attacker lurks on legitimate websites which are frequently visited by their targeted prey. The targeted prey are most commonly employees of government offices, large organizations or similar entities. The attacker then focuses on infecting these websites with malware and making the target more vulnerable. The attacker looks into the vulnerabilities associated with the websites and injects malicious programming code, often in JavaScript or HTML. The code redirects the targeted groups to a different site where the malware or malvertisements are present. The malware is now ready to be infect machines upon their access of the compromised website.

Most users unknowingly provide the tracking information while browsing. The tracking information gives the behavioral web patterns of the targeted victim groups. It also indirectly provides the attackers with information about browsing, cloud services access and security policies of the organizations.

One of the ways to defend against watering hole attacks is by educating users about such attacks. Effective detection and prevention techniques need to be used. Regular inspection of websites for malicious code should be conducted.

Share this:

Connect with us

Email Newsletter

Join thousands of others with our weekly newsletter

Resources
The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.