How to deal with a Watering Hole Attack?

What is a better way for a predator to catch its prey than chasing it? Waiting at a watering hole, where the prey will eventually turn up. In the online world, hackers use a similar technique to trap their targets. This blog gives you an overview of the watering hole attack.

What is a Watering Hole Attack?

We are talking here of a new breed of online scam called the “watering hole attack” – an advanced form of spear-phishing. In spear-phishing, the hacker targets individual victims by sending virus-infested emails and luring them into providing confidential data. A watering hole attack, on the other hand, does not use any such emails; instead, it infects an entire website that the victims from a targeted business or firm are most likely to visit.

In simple words

A watering hole attack is like poisoning the whole grocery store of the town and waiting for somebody to buy from it, instead of luring each victim into purchasing a poisoned item.

The Mechanism of the Attack

Step 1: The hacker researches the intended targets and the “trusted” websites they regularly visit or are most likely to browse. For example, mobile developers mostly visit a developer forum, and so on.

Step 2: Once the hacker has identified these websites, they are tested for security vulnerabilities. If any such weakness is found, the hacker injects code into the website [a piece of code or a series of commands].

The Final Whistle: When the target visits the compromised website (the “watering hole”), their device is probed for software weaknesses (old and/or new) that match the injected attack. If such a weakness is found, the code drops malware onto the device, allowing the attacker to carry out malicious activities. In most situations, the malware might be a remote access Trojan that can let other malware onto the device.

Why is the Watering Hole Attack Successful?

Researchers say the watering hole attack is a creative form of attack, because it targets websites that are genuine, regularly visited, and less likely to be blacklisted. If you regularly follow your local weather forecast website, you have little reason to suspect it of being infected. The same goes for mobile developers, who regularly visit a number of websites (developer websites, forums, etc.) to gather essential data or to discuss their projects. Given such a situation, even training employees to be on guard for such web attacks is useless, according to most security experts.

In contrast to phishing scams, watering hole scams are aimed at people who browse websites that do not see heavy traffic. Websites that get a large number of visitors (like Facebook or Gmail) are more likely to be targeted directly with phishing threats. Watering hole threats also need plenty of prior research and work by the attacker.

With the rise in cases of cyber threats, watering hole attack tactics are mainly used to target victims from particular industries like healthcare, financial services, defense, government, academia and utilities.

The Zero-Day Advantage

Watering hole threats are also effective because they have the “zero-day exploits” card in their deck. These attacks take advantage of security holes or weaknesses that have surfaced recently and do not yet have any solutions or fixes. So, once these zero-day attacks strike, the target is left with little or no defense at all.

Common Victims of Watering Hole Attacks

  • Academic sectors
  • Defense sectors
  • Government organizations
  • Healthcare industry
  • Financial services
  • Utilities sectors

Companies that were Attacked Recently

  • Dvorak.org
  • Microsoft
  • Apple
  • Facebook
  • WTOP.com
  • Twitter [the attack compromised account credentials of 250,000 users on Twitter]
  • U.S. Department of Labor
  • Council on Foreign Relations (CFR)
  • Federalnewsradio.com

The web security feature of AVG employs real-time cloud-based security and a browser sandbox. The cloud-based security blocks virus-infected websites (“watering holes”), and the sandbox protects the user’s device against zero-day threats. As everyday Internet users, applying all such security features is the best you can do to evade scams such as watering hole attacks.

If users face any issue regarding AVG, they can contact the toll-free number of AVG Technical Support. Users can get instant support, as the technicians are always available. This technical support can be accessed 24*7. A technician will take remote access of the customer’s device and fix the issue in a few minutes.