SecurityTrails Blog

Exploring Watering Hole Attacks: Tactics, Examples and Prevention

In order to survive, cybercrime must evolve. Cybersecurity experts are constantly working on tools, tactics and practices to monitor, prevent and respond to threats, patch vulnerabilities and mitigate zero-day threats. And while technology is constantly evolving, cybercriminals keep creating new attacks to fit the trends, as well as tweaking existing attacks to avoid detection.
Organizations, at large, deploy spam filters, antivirus software, firewalls, and intrusion detection and prevention systems to keep attackers out of their networks. Security awareness and readiness regarding phishing attacks is also on the rise, with employees becoming better-versed in recognizing and responding to phishing attempts. Cybercriminals are thus tasked with finding ways to overcome these obstacles to their goal of gaining access to organizations' networks.
In nature, we observe predators that hide next to bodies of water, watering holes, where the prey gathers, and wait for the opportunity to attack.
Unfortunately, cybercriminals have found a way to emulate this predatory behaviour. They prey on unsuspecting victims browsing regularly visited websites. This is called a **watering hole attack**.
What are watering hole attacks?
The concept of **watering hole attacks** is similar to spear phishing. Malicious attackers have figured out that opportunistic phishing emails are easily discarded, and that the more targeted and tailored attacks are to an individual, the more the attacks are likely to succeed.
What differentiates spear phishing from watering hole attacks is that spear phishing attempts to persuade unsuspecting victims to open an attachment, follow a link, or otherwise act in a way that divulges their private information.
Watering hole attacks, on the other hand, don't need to lure victims in that way. These attacks are already positioned in a particular space: the attacker compromises a third-party service or a website that the victim frequents and uses it to deliver malware, with the end goal of infecting the user's device and gaining access to an organization's network.
We do also see more opportunistic watering hole attacks, possibly by actors building a botnet, in which widely popular websites are compromised. We'll be focusing on the more sophisticated and targeted watering hole attacks, but the techniques don't differ all that much.
Objectives for such attacks include gaining access to sensitive computer systems as well as data theft, whether financial, personal, strategic or intellectual. While they are targeted, they do have a wider scope than spear phishing, and catch more victims than those targeted — so if they get lucky, they'll catch the ones that will reveal the desired network credentials that allow the attackers access to the network.
Because relying on luck isn't the most optimal solution, attackers often combine watering hole attacks with spear phishing campaigns. This way, they can send victims highly targeted and customized emails prompting them to visit a website that seems harmless and familiar but is, in fact, compromised and will infect users with malware. This is sometimes done by compromising the website's own automated email system, so that the lure arrives from a sender the victim already trusts and is far less likely to be flagged.
Another tactic attackers use to avoid being detected is employing social engineering techniques geared toward specifically choosing and compromising legitimate websites appropriate to their target. Because these sites are established and have a clean reputation, they are unlikely to appear on blocklists, so the victim's connection to them is not blocked.
Watering hole attacks usually target businesses and organizations through their employees, vendors and suppliers, but public websites that are popular in the victim's industry can be effective as well. These include discussion boards, smaller news outlets, industry conferences, and more.
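The compromise described above turns a trusted site into the delivery point, so the site owner's best early warning is noticing that the page now references something it never used to. The following script is an added example, not code from the SecurityTrails post; it assumes the injection takes the common form of an extra `<script>` or `<iframe>` pointing at a host the site does not normally load from, and compares a known-good snapshot of the page against the copy currently being served. The site name, the hostile host, the allowlisted CDN and both HTML pages are constructed for the example.

```python
"""Flag script/iframe references injected into a web page.

Added example, not SecurityTrails' code. Assumes the attacker's change is an
extra <script>/<iframe> loading from an unexpected host; all sample data
(site name, hosts, HTML) is constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _SrcCollector(HTMLParser):
    """Collect the src of every <script> and <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.refs.append((tag, src))


def external_refs(html, site_host):
    """Return (tag, src) pairs whose host differs from the site's own host.

    Relative URLs have no host and are treated as same-origin.
    """
    parser = _SrcCollector()
    parser.feed(html)
    out = []
    for tag, src in parser.refs:
        host = urlparse(src).hostname
        if host and host != site_host:
            out.append((tag, src))
    return out


def injected_refs(baseline_html, current_html, site_host, allowed_hosts):
    """Flag external script/iframe refs present in the served page that are
    neither in the known-good baseline nor on the allowlist of third-party
    hosts the site legitimately uses."""
    known = set(external_refs(baseline_html, site_host))
    flagged = []
    for tag, src in external_refs(current_html, site_host):
        host = urlparse(src).hostname
        if (tag, src) in known or host in allowed_hosts:
            continue
        flagged.append((tag, src))
    return flagged


# Constructed sample pages: the site loads a library from an allowed CDN and
# its own app.js; the "compromised" copy carries one extra script tag
# pointing at a hostile host (fictitious .invalid domain).
SITE = "news.example.com"
ALLOWED = {"cdn.example.net"}

BASELINE = """<html><head>
<script src="https://cdn.example.net/lib/ui.min.js"></script>
<script src="/static/app.js"></script>
</head><body><h1>Industry News</h1></body></html>"""

COMPROMISED = BASELINE.replace(
    "</head>",
    '<script src="https://stats.attacker-example.invalid/t.js"></script></head>',
)

if __name__ == "__main__":
    for tag, src in injected_refs(BASELINE, COMPROMISED, SITE, ALLOWED):
        print(f"injected {tag}: {src}")
```

Running the script against the two constructed pages reports the single injected script. In practice the baseline would be captured at deploy time and the check run periodically against the live page; a hit is a strong signal that the site is being used as a watering hole, even if the injected resource itself is not yet on any blocklist.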
How does waterholing work?
Attackers start with a target. They then find websites that users frequent, compromise the websites, wait for victims to enter, then in...

By SecurityTrails