
Watering Hole Attack

Last updated on April 19, 2022

According to security experts, we humans are the weak link. No matter what kind of hacking is involved, there is always negligence on the part of someone.

It could be something as simple as clicking on a link and providing your sensitive personal information to an authentic-looking phishing website. Another possibility is accidentally unzipping a potentially harmful attachment while on the company’s network.

Crimesters are constantly devising new ways to con individual and corporate victims worldwide to steal their personal, financial information and gain access to the system.

In addition to targeted malware attacks, another approach hackers commonly employ today is the “watering hole attack”, a social engineering technique that needs to be understood well in order to counter the threat.

Let’s start with the watering hole definition.

What is a watering hole attack in social engineering?

As a social engineering technique, a watering hole attack entails the attacker trying to infiltrate a particular end-user group through the creation of new websites targeted at that group, or through the infection of existing websites known to be visited by that group.

Social engineering pertaining to cybersecurity or information security involves manipulating the human mind and getting them to take actions that reveal sensitive data.

Here is how a watering hole attack works.

Watering hole attack examples

Example 1

Chinese attackers hit Forbes in 2015 using a watering hole attack. Reports indicate that the hackers exploited a zero-day vulnerability in Adobe Flash and Internet Explorer in order to compromise the Forbes “Thought of the Day” section.

Whenever someone visited Forbes.com, the Flash widget loaded, so any vulnerable device could be compromised simply by browsing the site while the campaign was in progress.

This watering hole attack was aimed primarily at the defense and financial services industries.

Example 2

In 2017, hackers from North Korea’s “Lazarus” group injected malicious code into legitimate websites that their intended victims were likely to visit.

The malware was delivered selectively: it infected only visitors affiliated with 104 organizations spread across 31 countries.

Poland accounted for the most targets, followed by Mexico, Brazil, and Chile.

Example 3

In 2018, “OceanLotus” and “APT32” conducted watering hole attacks that compromised nearly 21 websites.

These 21 compromised websites redirected visitors to another domain owned or maintained by OceanLotus.

Here are some of the websites that were compromised:

  • International Cooperation of Cambodia
  • Ministry of Defense of Cambodia
  • Ministry of Foreign Affairs
  • Several Vietnamese newspapers plus other blog websites.

Most commonly, watering hole attacks involve hackers exploiting popular websites.

Beyond its presumed targets, “OceanLotus” also managed to compromise several other popular websites.

How to prevent watering hole attacks?

Everyday activities are made easier by the internet. For this reason, we can’t completely eliminate internet communication. Instead, individuals and organizations should take preventative steps.

  1. As a first step, periodically review your current protection systems and measures to ensure they adequately defend against browser and application attacks.
  2. Keep your operating system and software updated; this is strongly recommended, since these attacks exploit vulnerabilities in browsers and plugins.
  3. Treat traffic from third parties as suspect unless confirmed otherwise. Data coming from a partner web property deserves the same scrutiny as data from a well-known online directory.
  4. Ensure firewalls and related network security components are properly configured.
  5. To protect yourself, use a VPN and your browser’s private browsing options.
  6. Inspect HTTP and HTTPS traffic for known-infected websites, for example with a web gateway solution.
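Steps 3 and 6 above amount to one detection rule: when a page on a site you trust pulls active content from a domain you do not recognise, or from a domain already reported as compromised, that request should be flagged and the client triaged. The Python script below is an added example, not code from the original article, and it assumes a simple space-separated proxy log format (timestamp, client IP, method, URL, referer, content type); the allowlist, blocklist, domains and log lines are all constructed for illustration.

```python
"""Detecting the watering hole traffic pattern in web-proxy logs.

Added example, not part of the original article. It assumes a simple
space-separated proxy log format (timestamp, client IP, method, URL,
referer, content type); the domains, allowlist, blocklist and log lines
are all constructed for illustration.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed allowlist: first- and third-party domains the organisation
# expects its users' browsers to load active content from.
ALLOWED_DOMAINS = {"news.example.org", "cdn.example.org", "static.example.net"}

# Constructed blocklist standing in for a threat-intelligence feed of hosts
# reported to serve watering hole payloads.
KNOWN_BAD_DOMAINS = {"update-check.example.com"}

# Content types that execute in the browser (scripts, Flash objects).
ACTIVE_CONTENT_TYPES = {
    "application/javascript",
    "text/javascript",
    "application/x-shockwave-flash",
}

# Constructed proxy log: a trusted news site pulls its own script (benign),
# then a script from an unlisted third party and a Flash object from a
# known-bad host (both suspicious); a second client only reads an article.
SAMPLE_LOG = """\
2022-04-19T09:00:01Z 10.0.0.12 GET https://news.example.org/index.html - text/html
2022-04-19T09:00:02Z 10.0.0.12 GET https://cdn.example.org/app.js https://news.example.org/index.html application/javascript
2022-04-19T09:00:03Z 10.0.0.12 GET https://analytics.example.io/loader.js https://news.example.org/index.html application/javascript
2022-04-19T09:00:04Z 10.0.0.12 GET https://update-check.example.com/flash.swf https://news.example.org/index.html application/x-shockwave-flash
2022-04-19T09:05:00Z 10.0.0.33 GET https://news.example.org/article/42 - text/html
"""


@dataclass(frozen=True)
class Finding:
    client: str
    referer_host: str
    dest_host: str
    reason: str


def parse_line(line):
    """Split one log line into its six fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    timestamp, client, method, url, referer, content_type = parts
    return {
        "timestamp": timestamp,
        "client": client,
        "method": method,
        "dest_host": urlparse(url).hostname or "",
        "referer_host": urlparse(referer).hostname if referer != "-" else None,
        "content_type": content_type,
    }


def analyse(log_text, allowed=ALLOWED_DOMAINS, known_bad=KNOWN_BAD_DOMAINS):
    """Return a Finding for every request matching the watering hole pattern."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        dest, ref = rec["dest_host"], rec["referer_host"]
        # Rule 1: the destination is already reported as a compromised host.
        if dest in known_bad:
            findings.append(Finding(rec["client"], ref or "-", dest,
                                    "known compromised domain"))
            continue
        # Rule 2: a page on a trusted site loads active content from a domain
        # outside the allowlist, the injected-script / redirect pattern the
        # article describes for the compromised sites.
        if (ref in allowed and dest not in allowed
                and rec["content_type"] in ACTIVE_CONTENT_TYPES):
            findings.append(Finding(rec["client"], ref, dest,
                                    "unlisted third-party active content"))
    return findings


def affected_clients(findings):
    """Machines to triage: every client that loaded a flagged resource."""
    return {f.client for f in findings}


if __name__ == "__main__":
    results = analyse(SAMPLE_LOG)
    for f in results:
        print(f"{f.client} {f.referer_host} -> {f.dest_host}: {f.reason}")
    print("clients to triage:", sorted(affected_clients(results)))
```

On the constructed log this flags the request to analytics.example.io (trusted page loading a script from an unlisted domain) and the Flash object fetched from update-check.example.com (blocklisted host), and reports 10.0.0.12 as the client to triage. In practice the allowlist comes from a baseline of the third-party domains your trusted sites normally reference, so a newly injected script or redirect stands out as a deviation from that baseline rather than relying on a blocklist that may not yet know about the compromise.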
