Watering hole attacks aren’t the type of threat that is constantly being faced by IT professionals. Instead, they are rare yet suppose a major threat in cybersecurity. For hackers, they demand plenty of work but the potential impact they have is remarkable.
At My IT Guy, our team wanted to dedicate a few lines to explain what watering hole attacks are, the basics on how they operate, and how organizations can avoid being victims.
What are Watering Hole Attacks?
This is a very complex, resource-demanding type of attack where the hacker proceeds to compromise a determined group of websites and online services that are recurrently being used by the target or targets, normally part of the same group, segment, and/or industry sector.
By compromising these websites, the hacker can progressively infect a wide array of users with malware and get into their devices. This is all done through a trustable source the users have been using.
Watering hole attacks are based on leveraging the reputation of popular websites that are commonly used by the targeted group. On a side, these online providers may handle valuable user data that the hacker will find useful as well.
Yet it’s a lot of work for the malicious agent and probably that’s why they aren’t common. It all begins with the hacker profiling his potential victims and determining through existent, available data which websites and web services they use. Because of this profiling process, most of the time watering hole attacks are used to infect corporate businesses. The hacker focus on an industry niche and, from that point, he chooses which websites to compromise.
Being chosen the profile to infect with malware, the malicious agent must work towards compromising the group of websites and web services that will be used as infection channels. Cybercriminals must hack these sites with HTML and JS code in order to put the traps in place.
Then, the goal is to drive the victims from the compromised sites to a malware-ready website built by the hacker, a page that probably mimics the real one. Here is where the actual infection occurs.
How to Avoid Watering Hole Attacks?
As mentioned before, these attacks are very rare. When they happen, the damage has been done already on a large scale. They imply a lot of work and only focus on corporate targets as they suppose the biggest benefit for the criminal.
But while these attacks aren’t frequent and many IT professionals rarely find one, they still should be considered a major threat, especially for organizations.
Watering hole attacks are very difficult to diagnose on time, often identified when they have been operative for a while on the compromised website and, as a consequence, infected many users already. And because these attacks are mostly based on trusted resources online, the early detection is almost impossible.
Taking this into consideration, we must consider two types of victims: the compromised website and the user who gets infected by using the compromised website. The latter can do little to avoid the attack but the former has more resources on this sense.
Therefore, webmasters and online service providers have a major responsibility here as they must conduct checks on their assets, making sure that they haven’t been compromised by malicious parties.