How do you defend your business against watering hole attacks?

Oct 8, 2021

In jungles and savannas, some animal species tend to gather at bodies of water to ward off the heat or have a drink. Many hunters use this predictability to easily snipe big game. Black hat hackers apply a similar principle when they launch a web exploit known as a watering hole attack against an organization.

Once the hackers learn which websites their target victims usually visit, they infect these sites with malware that can spread to visitors’ computers. These cybercriminals then use the infected computers to access the organization’s network and steal sensitive data, encrypt the data for ransom, or take over victims’ accounts. Hackers may also add the infected devices to their botnet to launch distributed denial-of-service attacks.

How do cybercriminals know which “watering holes” to infect?

Astute cybercriminals will profile their target victims, usually employees of nonprofits, government agencies, or large corporations. One way profiling is done is by scouring the targets’ public information posted on popular social networking sites.

This can reveal the victims’ interests and activities, such as whether they’re involved in activism or charity work, or whether they actively participate in political message boards. Another way is to check professional networking sites such as LinkedIn. Here, cybercriminals can find items like online skills certifications, and where their would-be victims obtain these.

Once the malicious actors have identified the sites their targets frequent, the actors screen the sites for viability. That is, the sites must have poor security; otherwise, the cybercriminals’ movements may be detected and thwarted.

How do watering hole attacks work?

Once a black hat hacker determines a site to be viable, they inject it with HTML or JavaScript code. When a target visits the tainted site, the target’s browser triggers the hacker’s code to probe the target’s device for vulnerabilities, which are often known vulnerabilities that have been left unpatched. Once security gaps are identified, the malicious code funnels its payload — namely malware — through these gaps.

As you can see, cybercriminals have turned the innocent act of web surfing into something dreadful. So…

…How do you defend against watering hole attacks?

One way to protect your company from watering hole attacks is to prevent them from being launched in the first place. You can do this by implementing the following measures:

  • Keeping security patches up to date – The fewer holes your system has, the fewer opportunities for hackers to get in.
  • Utilizing web filters – Filters detect malware in websites and stop browsers from loading infected sites. This can effectively shut down the watering holes hackers have chosen to exploit.
  • Discouraging employees from oversharing on the internet – The less cybercriminals know about their targets, the less likely they are to be able to determine which sites are viable watering holes. (Tip: To convince your staff to limit what they share about themselves online, show them that doing so will also help keep themselves safe from identity theft.)
  • Limiting what staff members can visit online – Employees tend to utilize company resources for their personal use, which is exactly what black hat hackers usually count on for their watering hole attacks to work. Implement a policy disallowing staff from accessing websites that are not used for or related to work. If an employee says that a site is indeed for work, enforce a vetting process to ensure that the site is necessary for work and safe to visit.
  • Disallowing users from being able to grant additional permissions to sites – Some websites will ask visitors to turn off certain restrictions or to grant them extra permissions in order to work properly. If such permissions are granted, they can make your network more vulnerable to attack. Either audit these requests first or simply disallow them completely.

Despite all of these measures, a hacker may still manage to find a vulnerability they can exploit. In this scenario, you must be able to detect, rout, and quash the impending assault. To do all of these, you must monitor your internet traffic for web exploits and utilize web logging to spot and stop suspicious activities.
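
As an illustration of the web logging mentioned above, here is an added example (not from the original article) of one simple check over proxy logs: flag any executable-type download whose referring page belongs to a different site than the download host. The log format, host names, and content-type list are constructed assumptions; adapt them to what your proxy actually records.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed sample proxy log, not real traffic.
# Columns: time, client, url, referer, content_type
SAMPLE_LOG = """\
2021-10-08T09:00:01,10.0.0.15,https://industry-news.example/articles/1,-,text/html
2021-10-08T09:00:02,10.0.0.15,https://cdn.industry-news.example/site.js,https://industry-news.example/articles/1,application/javascript
2021-10-08T09:00:03,10.0.0.15,https://stats-collector.example/p.js,https://industry-news.example/articles/1,application/javascript
2021-10-08T09:00:05,10.0.0.15,https://stats-collector.example/update.bin,https://industry-news.example/articles/1,application/octet-stream
2021-10-08T09:05:00,10.0.0.22,https://vendor.example/downloads/setup.exe,https://vendor.example/downloads/,application/x-msdownload
"""

# Content types that commonly carry executables (assumed list; tune per environment).
EXECUTABLE_TYPES = {
    "application/octet-stream",
    "application/x-msdownload",
    "application/x-dosexec",
    "application/java-archive",
}


def site(url):
    """Rough site key: last two host labels (assumption: no public-suffix handling)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def find_cross_site_downloads(log_text, trusted_sites=frozenset()):
    """Return executable downloads that were referred by a page on a different site."""
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, client, url, referer, ctype = row
        if ctype.split(";")[0].strip().lower() not in EXECUTABLE_TYPES:
            continue
        if referer == "-":
            continue  # direct download with no referring page; outside this check
        if site(referer) != site(url) and site(url) not in trusted_sites:
            alerts.append({"time": ts, "client": client, "page": referer, "download": url})
    return alerts


if __name__ == "__main__":
    for alert in find_cross_site_downloads(SAMPLE_LOG):
        print(alert)
```

An alert from a check like this is a lead for investigation, not proof of compromise; legitimate download hosts can be passed in through trusted_sites to cut noise.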

