You must be thinking a watering hole is a hole from which animals drink water, or a pub, bar, or any kind of social gathering place. Well, that’s right, but there is another similar term in the cybersecurity world – Watering Hole Attack.
About the attack
To carry out a watering hole attack, the attacker compromises a legitimate website that the intended victims already trust and visit, and plants code there so that malware is loaded onto a visitor's device without any click on a suspicious link. There is no fraudulent URL to spot: the address bar shows the real site. The sites chosen are typically less well defended than the victims' own network but are reliably visited by the target group, for example an industry portal or supplier site that a particular company's employees open every day.
How do attackers learn which websites a particular group frequents? Largely from the users themselves. Ordinary browsing leaves traces: referrers, third-party analytics and advertising trackers, and public information about which suppliers, industry bodies and news sites a company relies on. An attacker who can observe or infer these traffic patterns knows where to wait.
The sites targeted are usually those with weak security, such as the websites of smaller companies, trade associations or blogs. The attacker plants malicious code and waits for the victims to arrive. The success rate is high precisely because the attacker has already confirmed that the intended victims visit the site: the victims come to the trap rather than having to be lured to it.
These attacks are often carried out by nation-state groups as a way into a well-defended network they cannot breach directly, in order to steal confidential information.
The actual attack
Once the victim's browser loads the compromised page, the injected code runs automatically; the user does not need to click anything. The first stage is typically a small script that runs in the background.
That script fingerprints the visitor (browser and plugin versions, operating system, and sometimes the visitor's IP address, so that only the intended organisation is served the exploit) and looks for a vulnerability it can use. If one is found, a larger second-stage payload is delivered and the actual compromise begins. With control of the device, the attacker can search it for credentials, financial data and other sensitive information.
Once whatever is of value has been extracted, the attacker may deploy further code, for example to persist on the device or to spread from it into the victim's network, making the intrusion considerably more damaging.
Because the trap sits on a shared site, a single campaign can affect a large number of people at once. The VOHO campaign was found to have snared more than 32,000 visitors from more than 4,000 organisations.
In 2018 the Department of Homeland Security reported that attackers had reached the control rooms of US electric utilities and were reportedly in a position to cause blackouts. Watering hole attacks were among the techniques used to get in.
In 2014 a watering hole attack was staged on the US news website Forbes.com, exploiting vulnerabilities in Microsoft's Internet Explorer and Adobe Flash. The intended targets were US defense contractors and financial services companies, and the attack was attributed to Chinese state-sponsored groups.
Fighting this invisible threat
Employees can be trained to recognise a phishing e-mail or a look-alike URL, but a watering hole offers nothing to recognise: the site is genuine and only its content has been tampered with. Organisations can still reduce the risk with a few measures:
Removing vulnerable software
Although these attacks have been delivered through many kinds of software, the components most often exploited have been Adobe Reader, Internet Explorer and Flash Player. Removing or disabling them, along with any browser plugin the business does not need, shrinks the attack surface the first-stage script can probe.
Updating software on a regular basis
Attackers sometimes use zero-day exploits, but most drive-by kits rely on vulnerabilities that have already been patched. Applying security updates promptly for the browser, its plugins and the operating system removes those exploits from the attacker's toolbox; against a true zero-day, the other measures here have to carry the load.
Looking for any unusual behavior
Monitoring for unusual behaviour adds another layer. Because a watering hole exploits a site people legitimately visit, the earliest visible sign is often what happens next: a trusted site suddenly referring many browsers to a domain nobody in the organisation has visited before, an unexpected download following a routine page load, or an employee's laptop sending confidential business documents to an outside host. Each of these warrants investigation as a possible watering hole compromise.
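The first of those signs can be checked mechanically against web-proxy logs. The following is an added example, not code from the original article: it walks a constructed, tab-separated proxy log (timestamp, client, URL, referer, content type), treats one trusted site as the suspected watering hole, and flags any domain outside the proxy's baseline that several clients reached right after loading that site and that served active content (a script, plugin object or executable). The log lines, the baseline and the domain names are all invented for the illustration.

```python
"""Flag drive-by chains in web-proxy logs: a trusted site sending many clients
to a domain nobody in the organisation had visited before.  All sample data
below is constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed log lines: ts, client, url, referer, content-type (tab-separated).
SAMPLE_LOG = """\
2024-03-04T09:00:01\t10.1.1.10\thttps://industry-portal.example/news.html\t-\ttext/html
2024-03-04T09:00:02\t10.1.1.10\thttps://cdn-static.example/jquery.js\thttps://industry-portal.example/news.html\tapplication/javascript
2024-03-04T09:00:03\t10.1.1.10\thttps://stats-collect.xyz/p.js\thttps://industry-portal.example/news.html\tapplication/javascript
2024-03-04T09:00:05\t10.1.1.10\thttps://stats-collect.xyz/dl.exe\thttps://stats-collect.xyz/p.js\tapplication/octet-stream
2024-03-04T09:12:44\t10.1.1.22\thttps://industry-portal.example/news.html\t-\ttext/html
2024-03-04T09:12:45\t10.1.1.22\thttps://stats-collect.xyz/p.js\thttps://industry-portal.example/news.html\tapplication/javascript
2024-03-04T09:30:00\t10.1.1.31\thttps://industry-portal.example/news.html\t-\ttext/html
2024-03-04T09:30:01\t10.1.1.31\thttps://cdn-static.example/jquery.js\thttps://industry-portal.example/news.html\tapplication/javascript
2024-03-04T10:02:10\t10.1.1.40\thttps://search.example/?q=lunch\t-\ttext/html
2024-03-04T10:02:11\t10.1.1.40\thttps://new-vendor.example/page\thttps://search.example/?q=lunch\ttext/html
"""

# Domains the proxy had already seen before this window (hypothetical baseline).
BASELINE = {"industry-portal.example", "cdn-static.example", "search.example"}
# Sites that fit the watering-hole profile: trusted and visited by staff daily.
WATCHED = {"industry-portal.example"}
# Content types that can execute or be exploited in the browser.
ACTIVE_TYPES = ("javascript", "octet-stream", "x-msdownload",
                "x-shockwave-flash", "java-archive")
WINDOW = timedelta(seconds=30)   # how soon after a watched page load counts


def parse(line):
    """Split one constructed log line into a dict with parsed timestamp/hosts."""
    ts, client, url, ref, ctype = line.split("\t")
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "domain": urlparse(url).hostname,
        "url": url,
        "ref_domain": urlparse(ref).hostname if ref != "-" else None,
        "ctype": ctype,
    }


def find_chains(log_text, baseline=BASELINE, watched=WATCHED, window=WINDOW):
    """Return {new_domain: {'clients', 'via', 'urls'}} for domains outside the
    baseline that a client reached right after a watched site (by referer or
    by time proximity) and that served active content."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    last_watched = {}   # client -> time of its last page load on a watched site
    hits = defaultdict(lambda: {"clients": set(), "via": set(), "urls": set()})
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["domain"] in watched:
            last_watched[e["client"]] = e["ts"]
            continue
        if e["domain"] in baseline:
            continue    # already known; a new CDN gets tuned into the baseline
        seen = last_watched.get(e["client"])
        recent = seen is not None and e["ts"] - seen <= window
        referred = e["ref_domain"] in watched
        if (recent or referred) and any(t in e["ctype"] for t in ACTIVE_TYPES):
            h = hits[e["domain"]]
            h["clients"].add(e["client"])
            h["urls"].add(e["url"])
            h["via"].add(e["ref_domain"] or "time-proximity")
    return dict(hits)


def alerts(log_text, min_clients=2, **kw):
    """Escalate only domains that several distinct clients reached the same way:
    one user hitting a new domain is noise, the same new script served to
    every visitor of the trusted site is the watering-hole pattern."""
    return {d: h for d, h in find_chains(log_text, **kw).items()
            if len(h["clients"]) >= min_clients}


if __name__ == "__main__":
    for dom, h in alerts(SAMPLE_LOG).items():
        print(f"{dom}: {len(h['clients'])} clients via {sorted(h['via'])}, "
              f"urls {sorted(h['urls'])}")
```

On the constructed log, `stats-collect.xyz` is reported: two clients were referred to its script straight from the trusted portal, and one of them fetched an executable seconds later. The lone visit to `new-vendor.example` is ignored because it followed a search page rather than the watched site and returned plain HTML. In practice the baseline comes from the proxy's own history and the watched set from the sites the business depends on; the threshold `min_clients` is what keeps ordinary one-off browsing out of the alert queue.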
Using two-factor authentication
Watering hole attacks do not start with stolen passwords, but stolen credentials are a common outcome, and the attacker's next step is usually to reuse them to log in elsewhere. A second authentication factor limits what those credentials are worth and makes the move from one compromised laptop to the wider network considerably harder.
These measures reduce the probability and impact of an attack rather than rule it out: nothing lets a user tell a compromised legitimate site from a clean one at a glance. Awareness of the technique, and of the signs that follow a compromise, remains the best defence.