Cyber Explainer: Watering Hole Attacks

Now that social engineering has become hackers’ favorite infiltration tactic, many are adding watering hole scams to their bag of tricks.

In this new series, “Cyber Explainer,” Interset breaks down the five most damaging types of threats facing enterprises, then details the five most effective cyberattack methods criminals use to exact them. For this eighth installment, we look at watering hole attacks, which are a less common attack strategy that’s growing in popularity.

What It Means
Watering holes are pivotal to socially engineered attacks in which users inadvertently access infected websites. Through these often legitimate (and/or frequently visited) sites, thieves plant malware on computers or mobile devices to gain network access. Malvertising, or infection through a website’s third-party ads, is a type of watering hole attack that has received significant attention in the past couple of years. In these cases, clicking on an advertisement either auto-downloads malware or leads the reader to an infected website.

Where You’ve Seen It
Four years ago, a notorious watering hole attack on a mobile-developer forum targeted programmers at Facebook, Twitter, Apple, and Microsoft. This summer, a joint alert from the FBI and Department of Homeland Security warned utility companies that criminals have been using watering holes to target energy companies and power plants. And recently, many who visited the website for Poland’s financial regulator fell for a watering hole scheme at the hands of North Korean hackers, in which visitors inadvertently downloaded malware.

How to Stop It
Defending against any type of attack that leverages social engineering benefits greatly from cybersecurity that baselines the behaviors of entities such as users, devices, files, and servers. Security analytics with machine learning, in particular, can sift through billions (yes, billions) of events to pinpoint even the most elusive threat. Because it does this without rules or thresholds, it is remarkably accurate, eliminating the alert fatigue that too frequently distracts security teams as thieves exfiltrate valuable information from networks.
