{"id":7063,"date":"2021-06-28T13:16:30","date_gmt":"2021-06-28T11:16:30","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=7063"},"modified":"2021-06-28T13:16:56","modified_gmt":"2021-06-28T11:16:56","slug":"watering-hole-attack-what-these-are-how-they-work-and-how-to-prevent-becoming-a-victim","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/watering-hole-attack-what-these-are-how-they-work-and-how-to-prevent-becoming-a-victim\/","title":{"rendered":"Watering hole attacks; what these are, how they work and how to prevent becoming a victim."},"content":{"rendered":"Reading Time-approximately:<\/span> 3<\/span> minutes<\/span><\/span>\n

A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.<\/strong><\/h2>\n\n\n\n

ByGavin Wright<\/a> and Madelyn Bacon<\/a><\/p>\n\n\n\n

The goal is to infect a targeted user’s computer and gain access to the network at the target’s workplace.<\/p><\/blockquote><\/figure>\n\n\n\n

The term watering hole attack<\/em> comes from hunting. Rather than tracking its prey over a long distance, the hunter instead determines where the prey is likely to go, most commonly to a body of water — the watering hole — and the hunter waits there. When the prey comes of its own will, often with its guard down, the hunter attacks.<\/p>\n\n\n\n

The target victim can be an individual, an organization or a group of people. The attacker profiles its targets — typically, employees of large enterprises, human rights organizations, religious groups or government offices — to determine the type of websites they frequent. These are often messaging boards or general interest sites popular with the intended target.<\/p><\/blockquote>\n\n\n\n

While watering hole attacks are uncommon, they pose a considerable threat since they are difficult to detect and typically target highly secure organizations through their less security-conscious employees, business partners or connected vendors. And, because they may breach several layers of security, they can be extremely destructive.<\/p>\n\n\n\n

Watering hole attacks — a type of social engineering attack — are also referred to as water-holing<\/em>, a water hole attack<\/em> or a strategically compromised website<\/em>.<\/p>\n\n\n\n

How does a watering hole attack work?<\/strong><\/h3>\n\n\n\n

A watering hole attack involves a chain of events initiated by an attacker to gain access to a victim. However, the attacker does not target the victim directly.<\/p>\n\n\n\n

First, the attacker identifies a website or service that the intended victim already uses and is familiar with. Generally, the target site has relatively low security, is frequently visited and is popular with the intended victim. The attacker then compromises the target site and injects a malicious code payload into the site, often in the form of JavaScript or HyperText Markup Language (HTML). When the victim visits the compromised site, the payload is triggered, and it begins an\u00a0exploit\u00a0chain to infect the victim’s computer. The payload may be automatic, or the attack may cause a bogus prompt to appear telling the user to take an additional action that will download malicious code. The exploit chain may be one that already exists and is well known or a novel exploit created by the attacker.<\/p>\n\n\n\n

Once the payload has been triggered on the victim’s computer, the attacker can access other assets on the network and use that computer to launch a pivot attack to achieve other goals. The goals may be to gather information about the victim, use the victim’s computer as part of a bot network or try to exploit other computers within the victim’s network.<\/p>\n\n\n\n

\"how
How watering hole attacks work<\/strong><\/figcaption><\/figure>\n\n\n\n

Other security exploits similar to watering hole attacks<\/strong><\/h3>\n\n\n\n

A watering hole attack is similar to other tactics used by cybercriminals:<\/p>\n\n\n\n