How to Protect Yourself Against Watering Hole Attacks

How to Protect Yourself Against Watering Hole Attacks


68 Posts




Cyber criminals have once again proven their ability to evolve. The latest cyber-attack method has been termed the ‘Watering Hole Attack’. This form of attack uses cloud services to slip through the security of even the most watertight government agencies.

Once upon a time, attacks were simple
In the past, web attacks came in the form of malicious emails with questionable titles or even poorly written messages from rich Nigerian generals. Now, cyber-attacks take the form of sophisticated spear phishing campaigns that target key individuals. They seek to exploit individuals or digital certificate weaknesses that can be used to control an organization’s infrastructure. In either case, attacks rely on end users clicking malicious links or opening suspicious files.

In more recent times, the internet has seen the dawn of a new online attack. In order to achieve the aim of such attacks, individuals must first be stalked online. For success, the attacker must identify a site which has the user’s trust (a ‘watering hole’ of sorts). Once the trusted site has been identified, the attacker will place their malware on that site, rather than embedding it within an email.

Finding a watering hole
Although it may sound simple to attach malware to a frequently visited site, it’s important that attackers can first identify the correct sites. While it is difficult to insert malware into a major website such as or, it can be easier on smaller sites with weaker security.

Whenever we surf the net on company computers, automated tracking systems monitor our access behaviors and subsequently present us with targeted marketing. These tracking activities capture our browsing patterns without our knowledge. They indirectly map the web patterns of entire organizations. Malicious parties can then exploit these maps, identifying the most vulnerable sites and planting their malicious codes at these watering holes.

Executing the plan
Once a target accesses a watering hole, the malicious code embedded on the site will redirect them to another location. Without the target knowing, a small piece of code will be downloaded to their system. This code will then scan the system for vulnerabilities. Should ideal weaknesses be identified, a larger piece of code will be downloaded and used to deliver the main attack. This gives attackers access to sensitive information such as customer details and financial data.

9 thoughts on “How to Protect Yourself Against Watering Hole Attacks

  1. Monica

    I will right away grab your rss as I can’t to find your e-mail subscription hyperlink
    or e-newsletter service. Do you have any? Please allow me understand so that I
    may just subscribe. Thanks.

    Feel free to visit my homepage :: website hosting companies

    August 10, 2020 at 1:06 pm Reply
  2. Eugenia

    This info is worth everyone’s attention. How can I
    find out more? adreamoftrains web hosting providers
    best web hosting company

    August 11, 2020 at 11:17 pm Reply
  3. Newton

    Hola! I’ve been following your site for some time now and
    finally got the courage to go ahead and give you a shout out from Porter Tx!

    Just wanted to mention keep up the excellent job!

    Also visit my website :: best web hosting sites

    August 13, 2020 at 7:44 pm Reply
  4. Louie

    Pretty section of content. I just stumbled upon your weblog and in accession capital to assert that I acquire actually enjoyed account
    your blog posts. Any way I’ll be subscribing to your feeds and even I achievement you access consistently quickly.

    Here is my web blog :: cheap flights

    August 23, 2020 at 8:53 pm Reply
  5. Juliane

    It’s a pity you don’t have a donate button! I’d definitely donate to this excellent blog!
    I guess for now i’ll settle for book-marking and
    adding your RSS feed to my Google account. I look forward to brand new
    updates and will talk about this site with my Facebook group.
    Talk soon! 32hvAj4 cheap flights

    August 25, 2020 at 1:40 am Reply
  6. Tony

    Pretty section of content. I simply stumbled upon your website and in accession capital to say that I get in fact loved account your blog
    posts. Anyway I will be subscribing for your feeds and even I success
    you get right of entry to constantly fast. cheap flights 32hvAj4

    August 25, 2020 at 5:44 am Reply
  7. Maybelle

    Wow that was unusual. I just wrote an really long comment but after
    I clicked submit my comment didn’t show up.
    Grrrr… well I’m not writing all that over again. Anyhow, just wanted
    to say great blog!

    My website: cheap flights

    August 26, 2020 at 9:12 pm Reply
  8. Octavio

    I just like the helpful info you provide to your articles.
    I will bookmark your blog and test again right here frequently.

    I’m quite certain I’ll learn plenty of new stuff right here!
    Best of luck for the following!

    Here is my webpage … cheap flights

    August 27, 2020 at 8:12 pm Reply
  9. Demetra

    Hi i am kavin, its my first occasion to commenting anywhere, when i read
    this article i thought i could also create comment
    due to this brilliant post.

    My webpage :: web hosting services

    August 31, 2020 at 1:41 pm Reply

Leave a Reply

Your email address will not be published. Required fields are marked *