A watering hole attack consists of injecting malicious code into the public web pages of a site that the targets usually visit. Once a victim visits the page on the compromised website, malware can be installed on the visitor’s computer. The watering hole method of attack is very common for cyber-espionage operations or state-sponsored attacks.
Targeting a specific website is much more difficult than merely locating websites that contain a vulnerability. The attacker has to research and probe for a weakness on the chosen website. Thus, the attackers may compromise a website months before they actually use it in an attack. Once a website is compromised, the attackers periodically connect to it to ensure that they still have access. This way, the attackers can infect a number of websites in one stroke. They are even in a position to inspect the website logs to identify any potential victims of interest. This technique ensures that they obtain the maximum return for their valuable exploit.
It is commonly believed that this type of attack is related to state-sponsored offensives. The choice of the website to compromise, the study of the victims' habits, and the adoption of efficient exploit code are steps that require significant effort in the preparation phase of the attack.
The efficiency of watering hole attacks increases with the use of zero-day exploits that affect the victim’s software. In this case, victims have no way to protect their systems from the spread of the malware unless they have proper protections and procedures in place to defend themselves.
Want to gauge how susceptible your business is to a watering hole attack? Call (504) 372-1372 today to schedule an appointment to discuss your business practices and how Yes Tech can help you avoid this and other social engineering attacks.