What is a watering hole attack?
D2 · Threats · CompTIA Security+ SY0-701
A watering hole attack compromises a legitimate website that is frequently visited by the intended target group (like an industry forum or a government contractor's website). When targets visit the site, they are infected with malware, like predators waiting at a watering hole.
Process: attacker identifies target group → identifies websites they frequently visit → compromises one of those sites (injecting malware) → waits for targets to visit → infects them.
Harder to defend against than phishing: targets visit what they believe are trusted, legitimate sites.
Watering hole attacks are stealthy and targeted. Defenses: web filtering, browser isolation, EDR, keeping browsers/plugins patched (many watering hole attacks exploit browser zero-days), and threat intelligence to identify compromised industry sites.