Avoid the Watering Hole

Dennis Snider


“Watering hole” attacks target Internet users within a particular industry or group: the attackers select websites those users are likely to visit, infect them, and use them to trick the users into visiting malicious websites.

This type of attack, also called a strategic website compromise attack, is not generally wide-ranging, and the malicious actors do rely on luck to a certain degree, but by employing email to encourage people to visit malicious websites they can be effective.

The most basic type of watering hole attack would go for the most popular websites if the attackers are simply after financial profit. However, more sophisticated attackers will try to hit a specific industry through dedicated discussion boards, industry websites, conference websites, et cetera. This will enable them to gain information that could be of enormous value, for example in manipulating the markets in a particular industry.

Watering hole attacks are particularly difficult to detect because the malicious emails used to attract victims to websites can often be sent through the legitimate website’s servers, e.g., through automatic email notifications or newsletters. Furthermore, when such attacks are made, it is difficult to know they’ve happened, as there will be little evidence on the user’s system.

As with every type of malicious action on the Internet, the absolute key to protecting against watering hole attacks is to ensure that you have the best protection installed on your systems. Keeping everything up to date and ensuring that all relevant patches and updates are downloaded in a timely manner is essential. Furthermore, users should be looking for dynamic software protection that can examine websites in use and immediately warn users when threats are detected. As noted above, one of the primary mechanisms used in watering hole attacks is email that tries to lure users into visiting malicious sites.

To combat this, software can be installed that not only examines incoming emails for signs of suspicious behavior but also checks the destination whenever a user clicks a link in an email, to see whether it leads somewhere undesirable. Finally, any chosen solution should have the capacity to offer users protection both within and outside their corporate network; otherwise they could import watering hole malware back into the company network through their devices.
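
The sketch below is an added example, not code from the original post. It shows why the check has to look at link destinations rather than the sender: a notification relayed through a legitimate site's own mail system passes sender authentication, yet one of its links still resolves to a blocked host. The hostnames, the sample message, the blocklist and the function names are all constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-in for a URL reputation feed (reserved .example names).
BLOCKLIST = {"updates.badsite.example"}

# Constructed message: sent via the legitimate forum's notification system,
# so SPF/DKIM pass even though the second link leads elsewhere.
SAMPLE_EMAIL = """\
From: Forum Digest <digest@industry-forum.example>
To: user@corp.example
Subject: New replies in threads you follow
Authentication-Results: mx.corp.example; spf=pass; dkim=pass
Content-Type: text/html; charset="utf-8"

<html><body>
<p><a href="https://industry-forum.example/thread/42">View thread</a></p>
<p><a href="https://updates.badsite.example/viewer">Read the full report</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_is_blocked(host, blocklist=BLOCKLIST):
    # Match the host itself or any parent domain listed in the feed.
    parts = host.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def click_allowed(url, blocklist=BLOCKLIST):
    # Click-time check: re-evaluate the destination when the user follows it.
    return not host_is_blocked(urlsplit(url).hostname or "", blocklist)

def scan_email(raw, blocklist=BLOCKLIST):
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    auth_pass = "dkim=pass" in str(msg.get("Authentication-Results", ""))
    flagged = [u for u in collector.links if not click_allowed(u, blocklist)]
    return {"sender_auth_pass": auth_pass, "links": collector.links, "flagged": flagged}
```

Running `scan_email(SAMPLE_EMAIL)` reports a passing sender check alongside one flagged link, which is the case a sender-only filter would let through.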