// THREAT DETECTION AND DATA PRIVACY TERM
Watering Hole
A watering hole attack is a strategy in which an attacker compromises a website they know their intended targets visit regularly. When a target visits the legitimate but now compromised site, the target's own computer is infected with malware.

TECHNICAL DEFINITION
A watering hole attack is a targeted cyberattack methodology, often employed by Advanced Persistent Threat (APT) groups, involving the strategic compromise of a legitimate third-party website frequented by a specific organization or industry. The threat actor injects malicious code, such as an exploit kit or malware dropper, into the site to infect the systems of visiting targets, bypassing traditional perimeter defenses by exploiting user trust in the compromised web property. In practice the injected code is often only a small script that redirects the browser to an attacker-controlled exploit server, and it may profile visitors (source IP range, browser, plugins) so that the exploit is served only to the intended targets and not to researchers or crawlers.
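The two-stage chain described above (a trusted site unexpectedly referring the browser to third-party active content, followed shortly by a payload download from that third party) is what a web proxy log shows during a watering hole attack. The following is an added example, not code from the page or from any vendor named on it: it runs that correlation over constructed sample log lines. The log format, the hostnames, the per-site allowlist of known third-party hosts, and the time window are all hypothetical.

```python
"""Watering hole chain detection over web proxy log lines.

Added example, not code from the page or from any vendor it names. The log
format, hostnames, allowlists and time window below are hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample, one request per line:
# <ISO timestamp> <client IP> <method> <URL> <Referer or -> <Content-Type> <status>
# Client 10.0.0.15 is served an injected script from an unknown host and then
# downloads an executable from it; client 10.0.0.22 sees only the clean site.
SAMPLE_LOG = """\
2024-03-04T09:12:01 10.0.0.15 GET https://www.industry-news.example/home - text/html 200
2024-03-04T09:12:01 10.0.0.15 GET https://cdn.industry-news.example/app.js https://www.industry-news.example/home application/javascript 200
2024-03-04T09:12:02 10.0.0.15 GET https://stats.analytics-vendor.example/collect.js https://www.industry-news.example/home application/javascript 200
2024-03-04T09:12:03 10.0.0.15 GET https://fonts-cdn-update.example/jquery.min.js https://www.industry-news.example/home application/javascript 200
2024-03-04T09:12:05 10.0.0.15 GET https://fonts-cdn-update.example/plugin/update.exe https://fonts-cdn-update.example/jquery.min.js application/octet-stream 200
2024-03-04T09:30:44 10.0.0.22 GET https://www.industry-news.example/home - text/html 200
2024-03-04T09:30:44 10.0.0.22 GET https://cdn.industry-news.example/app.js https://www.industry-news.example/home application/javascript 200
2024-03-04T09:30:45 10.0.0.22 GET https://stats.analytics-vendor.example/collect.js https://www.industry-news.example/home application/javascript 200
"""

# Hypothetical watchlist of sites staff visit routinely. Each maps to the
# third-party hosts that site is known to load legitimately (taken from a
# clean baseline); any other host it refers the browser to is suspicious.
WATCHED_SITES = {
    "www.industry-news.example": {
        "cdn.industry-news.example",
        "stats.analytics-vendor.example",
    },
}
ACTIVE_CONTENT = {"application/javascript", "text/javascript"}
PAYLOAD_CONTENT = {"application/octet-stream", "application/x-msdownload"}
WINDOW = timedelta(seconds=60)  # max gap between injected script and payload


def parse_line(line):
    """Split one log line into a dict with hostnames pulled out of the URLs."""
    ts, client, method, url, referer, ctype, status = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "url": url,
        "host": urlparse(url).hostname,
        "referer_host": urlparse(referer).hostname if referer != "-" else None,
        "ctype": ctype,
        "status": int(status),
    }


def detect(log_text):
    """Return findings for the two-stage watering hole pattern.

    Stage 1 (injected_script): a watched site is the Referer for active
        content served by a host that site is not known to use.
    Stage 2 (payload_download): within WINDOW the same client fetches an
        executable payload from, or referred by, that unexpected host.
    """
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    findings = []
    injected = defaultdict(list)  # client -> [(watched site, stage-1 event)]

    for e in events:
        site = e["referer_host"]
        unexpected = (
            site in WATCHED_SITES
            and e["host"] != site
            and e["host"] not in WATCHED_SITES[site]
        )
        if unexpected and e["ctype"] in ACTIVE_CONTENT and e["status"] == 200:
            findings.append({"stage": "injected_script", "client": e["client"],
                             "site": site, "url": e["url"]})
            injected[e["client"]].append((site, e))
            continue
        for watched, s in injected[e["client"]]:
            recent = e["ts"] - s["ts"] <= WINDOW
            linked = e["host"] == s["host"] or e["referer_host"] == s["host"]
            if recent and linked and e["ctype"] in PAYLOAD_CONTENT:
                findings.append({"stage": "payload_download", "client": e["client"],
                                 "site": watched, "url": e["url"]})
                break
    return findings


def affected_clients(findings):
    """Sorted list of clients that reached the payload stage."""
    return sorted({f["client"] for f in findings if f["stage"] == "payload_download"})


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f["stage"], f["client"], f["site"], "->", f["url"])
```

The allowlist is the part that needs maintenance: a baseline of which third parties a site legitimately loads has to be refreshed when the site changes, or stage 1 fires on every new analytics vendor. The check also cannot see malicious script injected inline into the site's own HTML (no separate request is logged), which is why the payload stage, and endpoint telemetry of what the browser process does next, still matter.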
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
SYNONYMS & ALIASES
- strategic web compromise
- targeted web attack
- third-party website compromise
- trust exploitation attack
- drive-by compromise (the MITRE ATT&CK technique name, T1189)
USAGE NOTE
This technique is often used in espionage campaigns to gain an initial foothold into a well-defended corporate or government network.
DEVELOPERS
Organizations developing technology related to Watering Hole.
- CrowdStrike: develops the Falcon platform, an endpoint detection and response (EDR) and threat intelligence solution that identifies and prevents malicious activity, such as browser exploits and malware execution, originating from compromised watering hole websites.
- Zscaler: provides a cloud-native security platform, Zscaler Internet Access (ZIA), that acts as a secure web gateway to inspect all traffic, block access to known and suspected compromised sites, and prevent malware delivery, directly mitigating watering hole attack vectors.
- Palo Alto Networks: offers a comprehensive security platform, including Cortex XDR for endpoint protection and Prisma Access, which provides secure web gateway functionality to prevent users from accessing malicious watering hole sites and to detect subsequent command-and-control traffic.
- A browser isolation vendor whose technology executes all web browsing activity in a remote, disposable container in the cloud. This approach neutralizes web-based threats, including zero-day exploits delivered via watering hole attacks, by preventing malicious code from ever reaching the user's device.
- A threat intelligence and incident response organization that tracks advanced persistent threat (APT) groups known for using watering hole TTPs (tactics, techniques, and procedures). Its intelligence feeds and managed services help organizations detect and respond to these targeted attacks.
- Trellix: formed from McAfee Enterprise and FireEye, Trellix offers a broad XDR platform. Its network security and endpoint detection products are designed to identify and block the sophisticated exploits and malware implants used in watering hole campaigns.
- Broadcom (Symantec): provides integrated cyber defense solutions, including Symantec Web Protection, which features web isolation technology. This technology renders web content in a secure cloud environment, protecting users from drive-by downloads and exploits hosted on compromised websites.
- Kaspersky: a global cybersecurity company whose research team (GReAT) actively investigates and reports on APT campaigns that use watering hole attacks. Its endpoint security products use behavioral analysis and threat intelligence to detect and block such threats.