Watering Hole Attacks


Part 1 – 6: Terms and Definitions for Watering Hole Attacks

| Term | Definition |
|---|---|
| Watering Hole Attack | Attacking a common place where multiple of the same users visit and setting a trap |
| Reconnaissance | Gathering information on users |
| Back-Door | Ability to gain access to a victim's system without the need for the system to be on or have interaction with the attacker |
| Reverse Engineering | Taking a product and reversing its process to determine its design or structure, revealing important code or execution tasks |
| Anti-Virus | Computer program used to prevent, detect, and remove malware and viruses |

A Watering Hole Attack requires a bit of research before conducting the attack. The attacker needs to do some Reconnaissance and determine what and where users are visiting frequently, such as a website. Once an attacker has a website in mind, they can plant a trap, a virus, a pop-up, or any other form of malware on the website, and hope that users click on the link, which starts the chain reaction. The more users that click on the malware in the website, the more chances the attacker has to gain access to internal systems, access to the employee's computer, or further plant malware on end-user systems to provide a Back-Door to the system.

Conducting a watering hole attack can be very difficult, as the attacker would need to infiltrate a website and plant malware or some form of a virus on the website, usually in the form of JavaScript. It can also be difficult for security systems to detect a problem with a website before it is too late. One of the common ways to prevent watering hole attacks is the use of additional firewalls and a third-party Anti-Virus. A firewall can prevent port attacks, traffic from foreign IP addresses, and other types of attacks from manifesting over the network, stopping the attack at the root of the website. Another way to prevent such attacks is to have an additional or third-party anti-virus software or system. Anti-virus software protects the end-user device specifically at the point of the attack. Database updates are provided to the end user based on active attacks found in use around the world. The known attacks are compiled and Reverse Engineered to determine a way to stop the attack from happening. When a solution is found, the database updates are sent to customers of the anti-virus system, which immediately start preventing similar attacks from happening on the end-user system.
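The two paragraphs above describe the attack as JavaScript planted on a site that users visit frequently, and note that security systems struggle to spot the change before it is too late. One check a site owner or a security team can run on the site they are responsible for is a baseline comparison of the scripts a page serves: snapshot the set of external script sources and inline script hashes, then compare each later fetch against that snapshot and flag anything new, especially scripts loaded from hosts outside a known-good list. The Python below is an added example written for this page, not code from the original post; the HTML snapshots, host names and the `TRUSTED_HOSTS` list are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect external <script src=...> URLs and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.external = []      # src attribute values
        self.inline = []        # inline script bodies
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_inline:
            self._in_inline = False
            self.inline.append("".join(self._buf).strip())


def script_set(html):
    """Fingerprint a page as a set of 'src:<url>' and 'inline:<sha256>' entries."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    entries = {"src:" + src for src in parser.external}
    for body in parser.inline:
        entries.add("inline:" + hashlib.sha256(body.encode("utf-8")).hexdigest())
    return entries


def diff_scripts(baseline_html, current_html, trusted_hosts):
    """Compare a current fetch against the baseline snapshot.

    Returns added and removed entries, plus the subset of added external
    scripts whose host is not first-party (relative URL) or in trusted_hosts.
    """
    base, cur = script_set(baseline_html), script_set(current_html)
    added = sorted(cur - base)
    removed = sorted(base - cur)
    untrusted = []
    for entry in added:
        if not entry.startswith("src:"):
            continue
        host = urlparse(entry[len("src:"):]).hostname
        if host is not None and host not in trusted_hosts:
            untrusted.append(entry)
    return {"added": added, "removed": removed, "untrusted_hosts": untrusted}


# Constructed sample data: a baseline snapshot and a later fetch of the same page.
TRUSTED_HOSTS = {"cdn.vendor.example"}

BASELINE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.vendor.example/lib.js"></script>
<script>window.config = {"env": "prod"};</script>
</head><body><p>Employee portal</p></body></html>"""

CURRENT_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.vendor.example/lib.js"></script>
<script>window.config = {"env": "prod", "track": true};</script>
<script src="//static.unknown-host.example/t.js"></script>
</head><body><p>Employee portal</p></body></html>"""


if __name__ == "__main__":
    report = diff_scripts(BASELINE_HTML, CURRENT_HTML, TRUSTED_HOSTS)
    for key, values in report.items():
        print(key)
        for v in values:
            print("   ", v)
```

Running the module prints one added external script from an unknown host and one changed inline script (the old hash is listed under removed, the new one under added). In practice the baseline would be stored from a fetch you trust and the comparison run on a schedule or from a content-monitoring job; the report is only as good as the baseline, so re-snapshot it after every legitimate deployment.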