2.2 Watering Hole Attacks

Watering Hole Attack

The attacker doesn't try to directly infiltrate your network but instead targets a website or system that you are likely to visit.

  • The attacker poisons the "watering hole" by compromising it and waiting for you to access it.

  • This requires careful research to identify where you typically go online, and once you visit the infected site, your system can be compromised.

Essentially, instead of going to the target, the attacker lets the target come to them: a trusted site you already visit is turned into the delivery point for the malware.


Executing The Watering Hole Attack

Involves identifying third-party sites your organization frequently visits and then exploiting vulnerabilities in those sites.

  • For example, if employees regularly place orders on a local coffee shop’s website, the attacker could compromise the web server and infect your company when employees visit.

  • The attacker may also target industry-related sites, or phish third-party organizations with malicious email attachments, hoping to compromise their network and eventually use that foothold to reach yours.

Once the site is poisoned, every visitor could be infected, but the attacker is usually after specific victims and knows your organization will eventually visit. To stay under the radar, the malicious code is often delivered only to the IP address ranges of the intended targets, so everyone else (including security researchers scanning the site) receives a clean page.


Watering Hole Example

In January 2017, attackers executed a watering hole attack by poisoning websites associated with the Polish Financial Supervision Authority, the National Banking and Stock Commission of Mexico, and a state-owned bank in Uruguay.

  • Rather than attacking the banks directly, the attackers added malicious JavaScript files to the compromised web servers. The script checked the visitor's source IP address against a hard-coded list and only delivered the malicious code to addresses belonging to banks and financial institutions; other visitors received the normal page.

The full outcome was never made public. The attackers clearly succeeded in poisoning several sites this way, but it is unclear whether they obtained the access to the targeted financial institutions that they were after.


Watching The Watering Hole

Involves using a defense-in-depth strategy, which layers multiple security measures to protect against threats. If one device misses a malicious threat, another layer may detect it.

  • This approach might include antivirus software, firewalls, intrusion prevention systems (IPS), and other security layers.

  • For example, while a firewall might allow traffic to pass, an IPS can analyze and block malicious content within that traffic.

In the case of the attack on the Polish Financial Supervision Authority, the compromised site itself looked normal, so the last layer mattered: even when a visitor from a targeted IP address received the malicious JavaScript, endpoint antivirus (Symantec's, which analyzed the campaign) detected the code and prevented it from executing.
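As an added illustration of both the IP-gated delivery described in the 2017 example and the layered inspection above, here is a constructed Python simulation. It is not code from this page, from the course it summarizes, or from the actual campaign; the hostnames, IP ranges, script URL and payload are placeholders. It models a compromised server that only injects the attacker's script for visitors inside the target ranges, then runs a visit through three layers: a firewall that allows HTTPS to a known site (and so passes everything), content inspection that flags script sources not belonging to the site, and an endpoint hash check on the downloaded script. It also shows the check a practitioner wants: comparing the page as seen from a target address with the page as seen from outside, since an external scan alone never sees the injection.

```python
"""Simulation of IP-gated watering-hole delivery and layered inspection.

Constructed example: every host, IP range, URL and payload below is made
up and is not an indicator from the 2017 campaign.
"""
import hashlib
import ipaddress
import re

# Hypothetical poisoned site and the attacker's hypothetical target ranges.
SITE_HOST = "www.example-regulator.test"
TARGET_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),   # hypothetical bank A
    ipaddress.ip_network("198.51.100.0/24"),  # hypothetical bank B
]

CLEAN_PAGE = (
    '<html><head><script src="/js/site.js"></script></head>'
    "<body><h1>Supervisory notices</h1></body></html>"
)
INJECTED_SRC = "https://cdn.example-attacker.test/view.js"  # hypothetical
INJECTED_TAG = f'<script src="{INJECTED_SRC}"></script>'
# Stand-in for the second-stage script; only its hash matters here.
INJECTED_PAYLOAD = b"/* hypothetical loader */ var f = document.createElement('iframe');"
HOSTED_FILES = {INJECTED_SRC: INJECTED_PAYLOAD}


def serve_page(client_ip: str) -> str:
    """Model of the compromised server: the script tag is added only for
    visitors inside the target ranges, so outside scans get a clean page."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TARGET_RANGES):
        return CLEAN_PAGE.replace("</head>", INJECTED_TAG + "</head>")
    return CLEAN_PAGE


SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc=["\']([^"\']+)["\']', re.I)


def external_scripts(html: str, site_host: str) -> list:
    """Layer 2 (content inspection, what an IPS or web proxy could do):
    return script sources that do not belong to the site itself."""
    return [
        src for src in SCRIPT_SRC.findall(html)
        if not (src.startswith("/") or src.startswith(f"https://{site_host}/"))
    ]


KNOWN_BAD_SHA256 = {hashlib.sha256(INJECTED_PAYLOAD).hexdigest()}


def payload_known_bad(data: bytes) -> bool:
    """Layer 3 (endpoint antivirus-style hash match on the fetched script)."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


def inspect_visit(client_ip: str) -> dict:
    """Run one visit through the layers. Layer 1 (firewall) allows HTTPS to a
    known site and therefore passes everything; later layers do the work."""
    html = serve_page(client_ip)
    verdict = {"firewall": "allow", "ips": [], "av": False}
    verdict["ips"] = external_scripts(html, SITE_HOST)
    for src in verdict["ips"]:
        if payload_known_bad(HOSTED_FILES.get(src, b"")):
            verdict["av"] = True
    return verdict


def differential_check(target_ip: str, outside_ip: str) -> set:
    """Practitioner check: script sources seen only from a target address.
    A clean result from outside the target network proves nothing."""
    inside = set(SCRIPT_SRC.findall(serve_page(target_ip)))
    outside = set(SCRIPT_SRC.findall(serve_page(outside_ip)))
    return inside - outside


if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.1"):
        print(ip, inspect_visit(ip))
    print("seen only from target range:", differential_check("203.0.113.10", "192.0.2.1"))
```

Run stand-alone, the target-range visit shows the firewall allowing the request, the content layer flagging the off-site script, and the hash layer confirming it, while the outside visit reports nothing; the differential check names the injected source that an external-only scan would never observe.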