Date First Published: 30th May 2023
Topic: Cybersecurity
Subtopic: Threats To Systems, Data & Information
Article Type: Computer Terms & Definitions
Difficulty: Medium
Difficulty Level: 7/10
Learn more about what a watering hole attack is in this article.
A watering hole attack is a type of cyberattack in which the attacker identifies websites that are commonly visited by members of an organisation and plants malware on them in order to infect the computers in the organisation. Even though watering hole attacks are quite rare, they are difficult to detect and pose a great security risk, since members of the organisation are already familiar with the websites and do not expect them to be infected with malware. Getting traffic to a new website can take a long time, which is why attackers prefer to compromise legitimate, high-traffic websites that have not been blacklisted.
Attackers often rely on zero-day vulnerabilities, SQL injection, cross-site scripting, drive-by downloads, malvertising, and DNS cache poisoning to perform watering hole attacks. Attackers can use these tactics to inject malicious client-side scripts into a webpage, steal data, spread malware using online ads, and automatically redirect visitors to malicious pages.
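A defender's view of the injected-script and redirect tactics above, as an added example that is not part of the original article: it scans web proxy logs for resources loaded with a watched site as the Referer from a host outside that site's known baseline, and reports the host only when several internal clients hit it. The log format, host names, IP addresses and baseline are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines: timestamp, client IP, requested URL, Referer.
SAMPLE_LOG = """\
2023-05-30T09:00:01 10.0.0.11 https://news.example.org/ -
2023-05-30T09:00:02 10.0.0.11 https://cdn.example.net/site.js https://news.example.org/
2023-05-30T09:00:03 10.0.0.11 https://stats.invalid/l.js https://news.example.org/
2023-05-30T09:04:10 10.0.0.27 https://news.example.org/ -
2023-05-30T09:04:11 10.0.0.27 https://cdn.example.net/site.js https://news.example.org/
2023-05-30T09:04:12 10.0.0.27 https://stats.invalid/l.js https://news.example.org/
2023-05-30T09:10:00 10.0.0.35 https://intranet.example.com/ -
"""

# Assumed baseline: hosts each watched site normally loads resources from.
BASELINE = {"news.example.org": {"news.example.org", "cdn.example.net"}}


def host(url):
    """Lower-cased hostname of a URL, or '' when there is none (e.g. '-')."""
    return (urlsplit(url).hostname or "").lower()


def find_unexpected_loads(log_text, baseline, min_clients=2):
    """Return {(watched_site, new_host): sorted client IPs} for hosts outside
    the site's baseline that were requested with that site as Referer."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, url, referer = parts
        site, dest = host(referer), host(url)
        if site in baseline and dest and dest not in baseline[site]:
            seen[(site, dest)].add(client)
    # Several clients pulling the same new host points at the site itself,
    # not at one user's browser extension or local infection.
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_clients}


if __name__ == "__main__":
    hits = find_unexpected_loads(SAMPLE_LOG, BASELINE)
    for (site, dest), clients in hits.items():
        print(f"{site} -> {dest} seen from {len(clients)} clients: {clients}")
```

A hit is a lead for investigation, not proof of compromise, since legitimate sites add new third-party hosts regularly.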
Watering hole attacks work in the following steps:
The term "watering hole attack" comes from the way animal predators work out where their prey is likely to go, most likely a watering hole, and wait there. When the prey comes out, often with its guard down, the predator attacks. Just as predators in the wild wait near watering holes for a chance to attack their prey, attackers target websites where members of an organisation are most likely to go.
In December 2012, the Council on Foreign Relations website was discovered to be infected with malware. The infection used a zero-day vulnerability in Internet Explorer. The malware only targeted users whose Internet Explorer was set to English, Chinese, Japanese, Korean, or Russian.
In 2013, the Havex malware was discovered. Targeting the energy, aviation, pharmaceutical, defence, and petrochemical industries, Energetic Bear started using Havex in a spying campaign. The campaign mostly targeted individuals in Europe and the United States. In addition to spear phishing tactics, Havex used supply chain and watering-hole attacks on ICS vendor software to access victim systems.
In 2013, attackers used the United States Department of Labor website to gather private information about visitors. Users who visited websites containing nuclear-related content were the target of this attack.
The NotPetya malware, which appears to have come from Ukraine, infected a Ukrainian government website in June 2017. Users who downloaded it from the website were the target of the attack. The malicious software wiped the contents of victims' hard drives.
In 2019, cybercriminals used a malicious Adobe Flash popup to trigger a drive-by download attack on some websites. Called Holy Water, this attack targeted religious, charity, and volunteer websites.
In 2021, Google's Threat Analysis Group discovered watering hole attacks targeting visitors to media and pro-democracy websites in Hong Kong. The attacks established a backdoor on Apple devices.