
Watering Hole Attacks: Don’t Fall Prey to Hackers

by Cyrus Grant

In nature, predators use watering holes as an opportunity to strike. Online, scammers can do the exact same thing, which is why the more you know, the less likely you are to become prey.

Watering hole attacks are named after the tactic we just mentioned, in which predators lie in wait for prey to let their guard down at literal watering holes. They target the users of a specific website that cybercriminals have been able to compromise and infect with malicious links and content.

Here’s everything you need to know and how to stay safe.

What is a Watering Hole Attack?

Watering hole attacks work by first compromising a website that a certain group of people visit frequently and therefore trust. Once cybercriminals gain unauthorized access to the website without being detected, they alter the site to include malicious links.

Because users visit the site regularly, they don’t think twice before clicking on something when prompted. Unfortunately, these links often lead to some type of malware or to a mirrored page (a fake page run by the hackers that looks legitimate so as not to raise suspicion) that reveals users’ private information to cybercriminals. An example could be a link that you believe downloads a PDF from a website you use often, when in fact the link has been replaced by a cybercriminal with something malicious.

Watering hole attacks can vary slightly in their targets and end goals, but they are most often part of a larger plan. These attacks are used to target specific individuals or members of an organization so that once those people have been compromised, the hackers can gain access to more valuable organizational information.

How Do Watering Hole Attacks Work?

The first active step in a watering hole attack is to profile the targets and find out which specific websites they frequently visit. Once the cybercriminals have done this, they compromise one of those websites in order to then compromise specific users’ devices. Remember, the end goal is usually to compromise a large organization, and the best way to do so is through corrupting the devices of certain individuals within said organization.

Once a hacker has found a vulnerability in a desired website, they infect it with links that redirect users to malicious downloads or spoofed websites. After gaining access to a target’s computer, they wait for that computer to connect to the network at the victim’s workplace, essentially chaining the attack onto a larger target (the initial victim’s workplace or organization).

Here’s all of that broken down into the simplest terms: 

  1. Cybercriminals choose an organization with valuable information they would like to compromise (one that often has heightened security).
  2. Criminals then look for websites that members of the target organization frequent.
  3. Those websites are searched for vulnerabilities, and should any be found, malicious content is loaded into them.
  4. A target user unknowingly downloads malicious material from said website.
  5. That target user connects to the target organization’s network, allowing the cybercriminals access to their end goal — the organization’s information.

Watering hole attacks essentially have three targets, with the last one being the actual prize. They must first infect a website, then a user, before finally reaching the target organization.
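
The swapped download link described earlier, and step 3 above, can be caught from the site owner’s side by comparing a page against a known-good copy and flagging any new reference that leaves the site. This is an added example, not part of the original article; the function names, hosts and HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make a browser navigate to or load another URL.
URL_ATTRS = {("a", "href"), ("script", "src"), ("iframe", "src"), ("form", "action")}

# Constructed sample data: a trusted page before and after tampering.
PAGE_URL = "https://portal.example.org/reports/"
BASELINE_HTML = """
<a href="/files/q3-report.pdf">Download report (PDF)</a>
<script src="https://cdn.example.org/app.js"></script>
"""
CURRENT_HTML = """
<a href="https://files.example.net/q3-report.pdf">Download report (PDF)</a>
<script src="https://cdn.example.org/app.js"></script>
<iframe src="//stats.example.net/c.html" width="0" height="0"></iframe>
"""


class RefCollector(HTMLParser):
    """Collects (tag, absolute URL) pairs for every link-like element."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in URL_ATTRS:
                self.refs.add((tag, urljoin(self.page_url, value.strip())))


def collect_refs(page_url, html):
    parser = RefCollector(page_url)
    parser.feed(html)
    return parser.refs


def new_offsite_refs(page_url, baseline_html, current_html, allowed_hosts=()):
    """Return references added since the baseline that point off the site."""
    trusted = {urlsplit(page_url).hostname} | {h.lower() for h in allowed_hosts}
    added = collect_refs(page_url, current_html) - collect_refs(page_url, baseline_html)
    return [(tag, url) for tag, url in sorted(added)
            if urlsplit(url).hostname not in trusted | {None}]


if __name__ == "__main__":
    for tag, url in new_offsite_refs(PAGE_URL, BASELINE_HTML, CURRENT_HTML, {"cdn.example.org"}):
        print(f"new off-site <{tag}> reference: {url}")
```

The baseline copy has to come from a source the attacker cannot alter, such as the site’s own deployment artifacts, rather than from the live server.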

Similar Attacks to Look Out For

While watering hole attacks are fairly unique in their overall execution, there are a few other cybersecurity attacks that function similarly.

  • Honeypot. Honeypots are often used by companies to catch would-be hackers. They work by setting up a fake vulnerability that hackers might find and believe to be accidental. Once the hackers attempt to exploit the vulnerability, the organization is then able to track their movements, providing insight and knowledge into what cybercriminals are after and how they attempt to attain it.
  • Supply chain attack. Supply chain attacks, like watering hole attacks, use a third party to gain access to their actual end-goal target. The key difference is that instead of targeting individuals, such as employees, to gain access to an organization, supply chain attacks target trusted third-party vendors who offer services or software. By compromising a smaller member within a chain of trading partners, hackers are then able to exploit bigger, more valuable targets.

Preventing Watering Hole Attacks

Although watering holes aren’t terribly common, if you work for an organization, it’s good practice to follow these preventative tips to help ensure cybersecurity.

  • Keep personal and corporate resources separate. It’s often a good idea to limit corporate computer access to strictly work-related websites. In fact, the best bet is to simply never use corporate devices for personal activities.
  • Keep devices up to date. System and software updates provide your devices with the most current safety features. Keeping your devices updated will help seal off vulnerabilities.
  • Pay attention to what you download. It’s easy to click accept on a download, especially if it’s from a website you know and trust. But if that download looks different than normal, and especially if it prompts you for additional input, make sure you know what you’re actually interacting with.
  • General cybersecurity best practices. Whether it be keeping your passwords fresh and unique, avoiding unknown links, or just being aware of all the different types of scams and attacks, having good cybersecurity practices will go a long way in staying safe.

Watering Hole Attack Examples

They don’t happen often, but when they do, they are often a pretty big deal. Some watering hole attack examples from recent years:

  • 2016: Multiple Polish banks reported malware after staff visited the Polish Financial Supervision Authority website.
  • 2017: Ukrainian government websites compromised to spread malware known as “NotPetya.”
  • 2019: Fake Adobe Flash update warnings led to malware targeting an Asian religious and ethnic group.

Don’t Become Prey

The digital world is growing, but so too are the dangers that come with it. Although watering hole attacks are fairly situational, the concept of criminals using trusted apps, websites, and other services to find unsuspecting victims is quite common. 

Should you ever find yourself unsure of who you are dealing with, services like Spokeo’s People Search can help you stay on your toes and a step ahead of any would-be scammers. So, whether online or in-person, stay informed, stay vigilant, and stay safe.

Cyrus Grant is a writer from Southern California with a background in law and dispute resolution. When he isn’t writing, he can be found deep-diving into the latest technology trends or simply spending time at the beach.