Definition

watering hole attack

Contributor(s): Madelyn Bacon

A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment.

The name watering hole attack is inspired by predators in the natural world who lurk near watering holes, looking for opportunities to attack desired prey. In a watering hole attack, the predator lurks near niche websites popular with the target prey, looking for opportunities to infect the websites with malware or malvertisements that will make the target vulnerable.

Watering hole attacks, which tend to focus on legitimate, popular websites, are a derivative of pivot attacks, which target one thing to get at another. In a watering hole attack, the attacker first profiles its targets -- who are typically employees of large enterprises, human rights groups or government offices -- to determine the type of websites they frequent. The attacker then looks for vulnerabilities in the websites and injects malicious JavaScript or HTML code that redirects the target to a separate site where the malware is hosted. This compromised website is now ready to infect the target with the injected malware upon access.

While watering hole attacks are uncommon, they pose a considerable threat since they are difficult to detect and typically target high-security organizations through their low-security employees, business partners, connected vendors or an unsecured wireless network.
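For site owners, one check that follows from the injection step described above is to audit served pages for scripts, frames or meta refreshes that point at hosts the site does not expect. The following is an added example, not part of the original definition; the page URL, the allowlist and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; all hostnames are placeholders under .example.
PAGE_URL = "https://forum.example/news"
ALLOWED_HOSTS = {"forum.example", "cdn.forum.example"}
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.forum.example/lib.js"></script>
<script src="//stats.unknown.example/c.js"></script>
<meta http-equiv="refresh" content="0; url=https://landing.unknown.example/">
</head><body>
<iframe src="https://widgets.unknown.example/f" width="0" height="0"></iframe>
</body></html>
"""

class ExternalLoadAuditor(HTMLParser):
    """Collects URLs a browser would load or be redirected to automatically."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.loads = []  # list of (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag in ("script", "iframe", "embed") and a.get("src"):
            # Resolve relative and protocol-relative URLs against the page URL.
            self.loads.append((tag, urljoin(self.page_url, a["src"])))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            _, _, target = a.get("content", "").partition("=")
            if target:
                self.loads.append((tag, urljoin(self.page_url, target.strip(" '\""))))

def unexpected_loads(html, page_url, allowed_hosts):
    """Return (tag, url) pairs whose host is not on the site's allowlist."""
    auditor = ExternalLoadAuditor(page_url)
    auditor.feed(html)
    return [(tag, url) for tag, url in auditor.loads
            if urlparse(url).hostname not in allowed_hosts]

if __name__ == "__main__":
    for tag, url in unexpected_loads(SAMPLE_HTML, PAGE_URL, ALLOWED_HOSTS):
        print(f"unexpected <{tag}> load: {url}")
```

Run against each published page on a schedule and compare the result with the previous run; a host that appears without a matching deployment is worth investigating.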

This was last updated in August 2015


1 comment


So who is to blame here? The person planning the attack or the site they are injecting their code into to perform the attack? If other sites were more proactive with security, I feel it would strengthen one side and weaken the other's attempt to exploit others.