What is a water-holing attack?
A water-holing (or sometimes watering hole) attack is where a mal-actor attempts to compromise a specific group of people by infecting one or more websites that they are known to visit. The victims are usually from the same company or organisation and the goal is usually to gain access to that organisation’s computer network by infecting one or more users’ computers with malware.
It takes its name from the natural world where a predator will wait by a water hole where its prey gathers so that it can attack one and feed.
Although rare, these attacks post a major threat as they’re difficult to detect and typically target high-profile websites as what happened to the Forbes website in 2014 and the Oldsmar water plant in Florida in 2021.
Defending against water-holing attacks
How do you defend against water-holing attacks? This depends on whether you are the website owner or a visitor to the website.
As the website owner
As the website owner, you need to have anti-hacking security in place. An accredited and qualified penetration tester will be able to identify the vulnerabilities and advise you on how to close these vulnerabilities.
As a website user
The primary way for a user to protect themselves is to have suitable security on their computer and network. This will include network and software firewalls, anti-virus software and network intrusion detection and prevention systems (IDS/IPS).
There’s more information about water-holing on the TechTarget’s SearchSecurity and technopedia websites.
Do you want to learn more?
Network Midlands runs seminars to help you detect and defeat social engineering attacks. Find out more at “The Art of Deception“.