12 Cyber Threats of Christmas – Watering Hole Attacks

In our 12 threats of Christmas feature, we want to look at cyber threats and issues that can impact organisations. 

Some may be known to you, whilst others, may seem a little more out of the box.

On the second day of Christmas, our cyber threat is:

Watering Hole Attacks

Some of you may have never heard about watering hole attacks. In fact, it’s a tactic that cyber criminals have used for a number of years. It’s just not been as popular as phishing or other cyber crime methods.

However, this attack is starting to grow in popularity, and could potentially be the next big tactic of 2020.

Cyber criminals who use watering hole attacks, profile their victims and determine the types of websites they regularly visit. They then target those websites by infecting them with malware. The next time the employee visits the now compromised website, they are vulnerable to infection. This can lead to multiple employees becoming infected. Like the prey who fall foul of the predators.

Watering hole attacks are difficult to detect, as the criminals target legitimate websites, and infect them, meaning organisations are less likely to scrutinise them. However, as with all cyber attacks, training employees to notice infected sites is extremely difficult.

Andy Norton, Cyber Security Expert at Lastline, said: 

“Organisations can train employees how to recognise and avoid most phishing emails, but there is no way for a user to identify a compromised website without the assistance of a tool specifically designed to do just that.”

What can I do to protect my organisation from a watering hole attack?

Best practice to defend against watering hole attacks include:

  • Inspect popular websites that employees visit for malware
  • Block traffic to all websites that they discover have been compromised
  • Configure browsers and other tools that use website reputation services to notify users of ‘bad’ websites

Missed Day 1 which focused on Phishing? Fear not, you can see it here.