From the course: CompTIA Security+ (SY0-701) Cert Prep

Watering hole attacks

- [Instructor] Watering hole attacks use sneaky techniques to lure unsuspecting users and infect their systems with malware. In nature, a watering hole is a place where animals gather, particularly in dry climates. It's important that animals visit the watering hole because the water there is essential to their survival, but there are also significant risks involved. First, diseases can spread easily at watering holes because all of the animals drink from a common source, and second, predators can lie in wait at the watering hole, waiting for prey to show up in need of a drink, and then attack.
In the electronic world, websites are a great way to spread malware. When a user visits a website, they trust that website to some extent. It's the digital equivalent of approaching someone you trust as opposed to being solicited by an unknown stranger. Web browsers and browser add-ins and extensions are common points of vulnerability, and they're frequently exploited in attacks.
Watering hole attacks are an example of a type of attack known as client-side attacks. These attacks don't necessarily exploit security issues on the server; rather, they use malicious code and other attacks that exploit vulnerabilities in the client accessing the server. Watering hole attacks often cause pop-up warnings, but users are conditioned to click OK to security warnings to get them out of the way and move on to the content that they requested.
Attackers can take advantage of this by installing malware on a website and letting users come to them. They can't just build their own sites, however, and there are two reasons for this. First, the obvious one, nobody would ever visit that site. Would you go visit attackmycomputer.com? Second, security professionals often use block listing. That's a security control that builds lists of known malicious sites and then blocks them with content filters at the network border, preventing infections.
In a watering hole attack, the attacker uses commonly visited sites without the website owner's knowledge. In the first step of this attack, the attacker identifies and compromises a highly targeted website that their audience is likely to visit. Next, the attacker chooses a client exploit that will breach the security of website visitor browsers, and then bundles in a botnet payload that joins infected systems to the botnet. Then the attacker places the malware on the compromised website and simply sits back and waits for infected systems to phone home. Watering hole attacks are especially dangerous because they often come from otherwise trusted websites. Attackers using this technique may gain access to highly targeted systems and find the proverbial needle in a haystack because the victim comes to them. Website owners and web users alike must remain current on security patches to prevent falling victim to watering hole attacks.
