Supriya Ghosh (Editor)

Watering hole attack


A watering hole attack is a computer attack strategy in which the victim is a particular group (organization, industry, or region). The attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected. The malware used in these attacks typically collects information on the user. Attacks looking for specific information may target only users coming from a specific IP address, which also makes them harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.


Relying on websites that the group trusts makes this strategy efficient, even with groups that are resistant to spear phishing and other forms of phishing.

Software Patches

Websites are often infected through zero-day vulnerabilities in browsers or other software. Vendors of vulnerable software should patch it to remove the vulnerability that caused the site to be infected. Users should ensure that all of their software is up to date with the latest version.

Careful Monitoring

Companies should thoroughly monitor their websites and networks and then block any traffic if malicious content is detected.
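One way a site owner could apply this to their own pages, as an added example that is not part of the original article: parse a fetched copy of a page and report any script, iframe, embed or object loaded from a host outside an approved baseline. The host names, the allowlist and the HTML snapshot are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed baseline: hosts this site is expected to load active content from.
SITE_HOST = "www.example.org"
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}

# Constructed snapshot of a monitored page (not real data).
SNAPSHOT = """<html><head>
<script src="/js/app.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<script src="https://stats.unknown-host.invalid/c.js"></script>
</head><body>
<iframe src="https://frames.unknown-host.invalid/f" width="0" height="0"></iframe>
</body></html>"""


class ActiveContentCollector(HTMLParser):
    """Collect URLs of elements that pull remote content into the page."""
    WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self):
        super().__init__()
        self.found = []  # list of (tag, url) in document order

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.found.append((tag, url))


def unexpected_sources(html, allowed=ALLOWED_HOSTS, site_host=SITE_HOST):
    """Return (tag, host) for every active element served from a non-baseline host."""
    collector = ActiveContentCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.found:
        # Relative URLs have no hostname and resolve to the site itself.
        host = urlparse(url).hostname or site_host
        if host not in allowed:
            findings.append((tag, host))
    return findings


if __name__ == "__main__":
    for tag, host in unexpected_sources(SNAPSHOT):
        print(f"ALERT: <{tag}> loads content from unapproved host {host}")
```

This check covers only externally referenced content; injected inline script has to be caught by comparing the page against a known-good copy.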

2012 Council on Foreign Relations

In December 2012, the Council on Foreign Relations website was found to be infected with malware through a zero-day vulnerability in Microsoft's Internet Explorer. In this attack, the malware was only deployed to users using Internet Explorer set to English, Chinese, Japanese, Korean and Russian.

2013 Department of Labor

In early 2013, attackers used the United States Department of Labor website to gather users' information. This attack specifically targeted users visiting pages with nuclear-related content.

2016 Polish Banks

In late 2016, a Polish bank discovered malware on computers belonging to the institution. It is believed that the source of this malware was the web server of the Polish Financial Supervision Authority. There have been no reports of any financial losses as a result of this hack.
