What Is a Watering Hole Attack?

A watering hole attack takes place when a hacker compromises a specific audience either by infecting an existing website likely to attract the targeted audience or by creating a website to lure in the intended users. The number of watering hole attacks has grown steadily for the last few years. The attack’s purpose is to steal users’ credentials. The perpetrators then use those credentials to compromise the users’ PCs and gain access to their company’s network remotely.

Watering hole attacks start out like spear phishing but on a wider scale, using a net to catch many victims rather than a spear to skewer a specific individual. To use another analogy, phishing can be compared to giving poisoned candy to an individual, whereas a watering hole attack is like poisoning a town’s water supply. Once the hackers harvest the login credentials collected by their watering hole website, they can penetrate one or more organizations from many vectors, creating Advanced Persistent Threats (APTs) that tie cyber security teams into knots.

Watering Hole Attack: How Does it Work?

To set up a watering hole attack, hackers skulk around trusted websites looking for security holes into which they can inject malicious code. The most common way to inject code into a website is by tricking an employee or other user into opening an email, clicking on a link to the infectious code, or downloading a file containing the code. The harmful code is usually written in HTML or JavaScript. Once the code payload finds its niche in the target computer, it initiates an exploit chain that infects any computer and server on the same network.

Hackers typically attack public websites that are used mostly by individuals from specific industries, such as discussion boards, industry standards, and industry conferences. When the infection takes hold of the victim’s PC, the hackers can exploit the entire network to which the PC is connected. They use the infected computer to launch cyberattacks against the individual user and against the whole enterprise. Attacks are designed to gain access to sensitive data from the victim, use the target’s computer for botnet purposes, or gain access to other devices in the target’s network.

How to Detect a Watering Hole Attack

The following methods can be used to detect Watering Hole Attacks:
  • Detection layers in Web Gateways can analyze the digital signatures of websites. Highly sophisticated detection mechanisms have been developed to scan for increasingly advanced malware.
  • Hackers often exploit weaknesses in Flash, Adobe Reader, Java Runtime Environment, and Microsoft’s Internet Explorer to worm their way into target computers. Identifying and disabling these programs on all company computers can help businesses prevent watering hole attacks.
  • The best way to detect watering hole attacks is through an email security solution like Trustifi, which scans each email delivered to the server for any threats. Trustifi detects and removes suspicious emails before they ever reach the user’s inbox.

What Can You Do to Prevent Watering Hole Attacks?

Watering hole attacks can be prevented by following these steps:
  • Do not allow employees to use company resources for personal purposes. Block them from accessing websites not required for their work as those sites might be compromised.
  • Do not allow users to add third-party sites to the Trusted Sites list in their browsers. Some websites ask users to add the site’s URL to the Trusted Site list in order to function correctly. Reject these requests. Hackers may infect a trusted website in the future with all your defenses down.
  • Internet traffic should be scanned and monitored. Use web proxies to scan content in real-time for common exploits, and browse logs to identify anomalous behavior.
  • Maintain the latest versions of applications, operating system patches, and systems software on your network and your employees’ computers.
  • Use Trustifi’s email security service. The most common means of hacking is through email, as it is one of the fundamental ways companies communicate. Trustifi filters the emails that look suspicious and stops them from entering the user’s inbox. Trustifi helps prevent attacks that can compromise the company’s entire network.
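
One way to apply the "scan and monitor internet traffic" step to proxy logs, shown as an added example that is not part of the original article or any vendor's product: it flags pages on a trusted industry site that start pulling script, Flash, Java, PDF or binary content from a host the site has never loaded from before, seen by several internal clients. The log layout, host names, baseline and the function name new_active_loads are assumptions made for the illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Content types that can carry active content (script, Flash, Java, PDF, binaries).
ACTIVE_TYPES = {
    "application/javascript", "text/javascript", "application/x-shockwave-flash",
    "application/java-archive", "application/pdf", "application/octet-stream",
}

# Constructed sample proxy log (assumed fields: time client url referer content_type).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.11 https://forum.industry.example/t/42 - text/html
2024-05-01T09:00:02Z 10.0.0.11 https://cdn.industry.example/app.js https://forum.industry.example/t/42 application/javascript
2024-05-01T09:00:03Z 10.0.0.11 https://stats-new.example.net/l.js https://forum.industry.example/t/42 application/javascript
2024-05-01T09:05:10Z 10.0.0.12 https://stats-new.example.net/l.js https://forum.industry.example/t/7 application/javascript
2024-05-01T09:06:00Z 10.0.0.12 https://img.example.org/logo.png https://forum.industry.example/t/7 image/png
2024-05-01T09:07:00Z 10.0.0.13 https://other.example.com/x.js https://news.example.com/ application/javascript
"""

def host(url):
    """Lower-cased hostname of a URL, or '' when absent (e.g. referer '-')."""
    return (urlsplit(url).hostname or "").lower()

def new_active_loads(log_text, trusted_sites, baseline, min_clients=2):
    """Return (trusted_site, new_host, clients) where pages on a trusted site
    pulled active content from a host absent from that site's baseline."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at fields
        _, client, url, referer, ctype = parts
        site, dest = host(referer), host(url)
        if site not in trusted_sites or not dest or dest == site:
            continue
        if ctype.lower() not in ACTIVE_TYPES:
            continue
        if dest in baseline.get(site, set()):
            continue  # host this site is already known to load from
        seen[(site, dest)].add(client)
    return sorted((s, d, sorted(c)) for (s, d), c in seen.items()
                  if len(c) >= min_clients)

if __name__ == "__main__":
    trusted = {"forum.industry.example"}
    known = {"forum.industry.example": {"cdn.industry.example"}}
    for hit in new_active_loads(SAMPLE_LOG, trusted, known):
        print(hit)
```

The baseline would be built from a period of logs believed clean; a hit is a lead for review, since sites also add legitimate third-party scripts.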

Final Thoughts

To quote Benjamin Franklin, “an ounce of prevention is worth a pound of cure.” Stop watering hole attacks from entering your system by preventing sloppy email habits from introducing malicious code payloads in the first place. Contact a Trustifi representative today to learn how easy it is to integrate Trustifi’s Email Security Solution into your existing email system to protect your employees, your company’s data and reputation, and your peace of mind.