What Are Watering Hole Attacks?


9 September, 2016

A watering hole attack is a relatively new technique used by hackers, aimed mainly at compromising a business's network security. This type of attack involves exploiting a security vulnerability in a selected website. When a targeted user visits the website, the attack is initiated and the user's computer system is infected with malware. A watering hole attack is quite similar to a drive-by download, except that it is highly targeted and extremely difficult to detect.

How Does A Watering Hole Attack Work?

A watering hole attack typically involves the following steps:

  1. Determine target group
    First, the attacker identifies the target group, who are mainly employees of large business firms and government organizations, to determine the type of websites they are most likely to visit.
  2. Identify Vulnerabilities
    The attacker carefully tests the selected websites for any vulnerabilities that can be exploited. He examines the web servers, ad servers, web apps etc. to pinpoint the security flaws.
  3. Inject Malicious Code
    After the attacker has selected a website to compromise, he injects malicious JavaScript or HTML code into it. The code then redirects users to another website that hosts the malware.
  4. Infect The Target Group
    Once the target users visit the website, the malware gets downloaded into their computer systems. It may be in the form of a Remote Access Trojan (RAT) that includes a back door to provide the hacker with complete administrative control of the infected computer.
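
Step 3 leaves a trace a site owner can check for: markup that loads script or redirects visitors to a host the site never used before. The following is an added example, not code from the original article. It scans a page for script, frame and meta-refresh targets outside an allowlist. The host names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site is expected to load active content from.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}

class LoadFinder(HTMLParser):
    """Collects (tag, url) for elements that load content or redirect the visitor."""
    def __init__(self):
        super().__init__()
        self.loads = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe", "frame", "embed") and a.get("src"):
            self.loads.append((tag, a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content", ""), re.I)
            if m:
                self.loads.append((tag, m.group(1)))

def unexpected_loads(html, allowed=ALLOWED_HOSTS):
    """Return (tag, url) pairs whose target is not same-origin or allowlisted."""
    finder = LoadFinder()
    finder.feed(html)
    findings = []
    for tag, url in finder.loads:
        parts = urlparse(url.strip())
        same_origin = parts.scheme == "" and parts.hostname is None  # relative URL
        allowlisted = parts.scheme in ("", "http", "https") and parts.hostname in allowed
        if not (same_origin or allowlisted):
            findings.append((tag, url))
    return findings

# Constructed sample: a page with three injected elements (".invalid" hosts).
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="//stats.injected.invalid/c.js"></script>
<meta http-equiv="refresh" content="0; url=http://landing.injected.invalid/">
</head><body>
<iframe src="http://landing.injected.invalid/x" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, url in unexpected_loads(SAMPLE_PAGE):
        print(f"unexpected <{tag}> target: {url}")
```

The check covers only elements that reference a URL. A redirect written inside an inline script block needs a comparison of the page against a known-good copy.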

Tips To Prevent Watering Hole Attacks

Regular Updating Of Software
Hackers tend to initiate a watering hole attack by exploiting zero-day vulnerabilities in the computer software. Thus, it is recommended to keep your system updated with the latest patches released by genuine software vendors.

Vulnerability Shielding
Watering hole attacks involve following a definite network path to exploit the security flaws in a website. Vulnerability shielding, or virtual patching, allows administrators to monitor traffic and identify any aberrations from the usual protocols. This, in turn, helps to prevent vulnerability exploits.

Using Virtual Private Network
Because watering hole attacks are highly targeted, the malware is active only when a specific set of users visits the website. When you access the internet through a virtual private network (VPN), it hides your IP address and other tracking data so that the malware does not perceive you as a targeted victim.

For more information on watering hole attacks, feel free to contact Centex Technologies at (855) 375 – 9654.
