
*By Mateus Goncalves

A watering hole is an attack technique in which the attacker observes websites that are frequently used by specific users, groups or organizations and infects them with malware. The term “watering hole” refers to a “social” meeting place that a certain group of people usually visits. As Internet users, we all have “watering holes”: particular websites that we visit frequently. The watering hole is an unusual attack that is difficult to detect.

Explaining the Watering Hole

Watering hole attacks focus on well-known sites, or sites with a high number of hits among high-ranking companies.

Target users are typically employees of government offices, large organizations, or similar high-powered entities. The attacker acts by injecting malicious code, usually JavaScript or HTML, into the site. The injected code then redirects the targets to a different website where the malware or ransomware is hosted. Typically these viruses are programmed to collect data. After the virus installs itself on machines, victims are technically exposed.

Most users, unaware of the infection, carry on with their activities as usual. Meanwhile, the virus hosted on the machine starts sending information to a malicious server. In more extreme cases, the attacker will actively take control of the infected computer.
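
A site owner can look for the kind of injection described above by auditing where a page loads active content from and where it redirects to. This is an added example, not code from the original article; the allowlist, the host names and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site intentionally loads active content from.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}

class LoadAudit(HTMLParser):
    """Records scripts, frames and meta redirects that leave the allowlist."""

    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.findings = []  # (tag, url, note) tuples

    def _check(self, tag, url, note=""):
        host = urlparse(url.strip()).hostname  # None for relative, same-site URLs
        if host and host.lower() not in self.allowed:
            self.findings.append((tag, url.strip(), note or "unlisted host"))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe", "embed", "object"):
            url = a.get("src") or a.get("data", "")
            style = a.get("style", "").replace(" ", "").lower()
            hidden = ("display:none" in style or "visibility:hidden" in style
                      or a.get("width") == "0" or a.get("height") == "0")
            note = "unlisted host, hidden frame" if tag == "iframe" and hidden else ""
            self._check(tag, url, note)
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            _, _, target = a.get("content", "").partition("=")
            self._check("meta-refresh", target)

def audit_page(html, allowed=ALLOWED_HOSTS):
    parser = LoadAudit(allowed)
    parser.feed(html)
    return parser.findings

# Constructed sample page: two expected loads, two injected ones.
SAMPLE = """<html><head>
<script src="https://cdn.example.org/app.js"></script>
<script src="/static/menu.js"></script>
<meta http-equiv="refresh" content="5; url=http://landing.invalid/update">
</head><body>
<iframe src="//stats.invalid/c.html" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, url, note in audit_page(SAMPLE):
        print(f"{tag:13} {url:35} {note}")
```

Running the same audit on a schedule against the published pages, and alerting when a new finding appears, turns it into a simple integrity check for the site.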

What are the forms of prevention?

Keep software up to date: Watering hole attacks often exploit security holes and vulnerabilities. By regularly updating your software, you can significantly reduce the risk of an attack.

Hide your Internet activities: Using a VPN, together with the browser's private browsing feature or incognito mode, is a good option to hide your Internet activities, and it can also block websites that have a reputation for sharing malicious links.

Watch your network: Conduct regular security scans of your network to detect watering hole attacks, use broadband detection and management software, and educate employees on this topic.

Hire a specialist consultancy: By hiring a consultancy specializing in information security, you have access to the correct procedures and processes for the identification, containment and eradication of security incidents. Combined with the expertise of its consultants, this optimizes financial resources and reduces the chances of your company suffering cyber attacks of this and several other kinds.

— Mateus Gonçalvez is a SOC Analyst at SAFEWAY
