Watering Hole Attack – An Overview

Guess what would be a better way for a predator to stalk its prey, rather than chasing it? Well, waiting patiently at a watering hole, where its prey would eventually turn up. Strangely, in the online world, hackers are also using the same strategy to trap their victims. This blog gives you an overview of watering hole attack.

What is a Watering Hole Attack?
We are discussing here a new breed of online fraud called “watering hole attack” – an evolved form of spear-phishing. In spear-phishing, the scammer intends to target individual victims by sending malware-infested emails, and luring them into giving confidential information. A watering hole attack, on the other hand, does not use any such emails, for it infects an entire website the victims of a targeted business or organization are most likely to visit.

In other words
A watering hole attack is like poisoning an entire grocery store of the town and waiting for someone to buy from it, instead of luring each victim into buying a poisoned item.

The Working of the Attack

Step 1: The scammer does homework on its targeted victims and “trusted” websites they frequently visit or are most likely to visit. For instance, mobile developers usually visit a developer forum, and so on.

Step 2: Once these websites are identified by the scammer, they are tested for security vulnerabilities. If any such vulnerability is found, then the scammer injects the website with an exploit [a piece of data or a series of commands].

The Final Blow: When the victim visits the compromised website (the “watering hole”), their system is scanned for software vulnerabilities (old and/or new) corresponding to the injected exploit. And if the system is found so, then the exploit drops malware onto it, allowing the attacker to initiate malicious activities. In most cases, the malware might be a remote access Trojan, that can invite other malware to enter the system.

Why Watering Hole Attack is Effective?
Experts say, watering hole attack is an ingenious form of fraud, for it targets websites that are legitimate, frequently visited, and less likely to be blacklisted. If you regularly follow your local weather forecast website, then you might have fewer reasons to suspect it as a malicious website. Same goes with mobile developers, who frequent a variety of websites (developer websites, forums, etc.) to collate essential information or to discuss their projects. Given such a scenario, even training employees to be on guard for such web attacks is futile, according to most security officials.

The Zero-Day Advantage
Watering hole attacks are also effective, for they have the “zero-day exploits” card in their deck. These exploits take advantage of security holes or vulnerabilities that have surfaced recently and are yet to have any solutions or fixes. So, once these zero-day threats strike, the targeted victim is left with less or no defence at all.

Common Targets of Watering Hole Attacks

• Defence sectors
• Academic sectors
• Government organisations
• Financial services
• Healthcare industry
• Utilities sectors

Companies that were Recently Attacked

• Facebook
• Apple
• Twitter [the attack compromised account credentials of 250,000 users on Twitter]
• Microsoft
• U.S. Department of Labor
• Council on Foreign Relations (CFR)
• WTOP.com
• Federalnewsradio.com
• Dvorak.org

The web security feature of Quick Heal Security Solutions employs real time cloud-based protection and browser sand box. The cloud-based protection blocks malware-infected websites (“watering holes”), and the sandbox shields the user’s system against zero-day attacks. As everyday Internet users, implementing all such security features is the best we can do to evade scams such as watering hole attacks.

Rajiv Singha

25 Comments

Cancel reply

Haripandit Paranjpe • June 10, 2013 at 10:21 PM

How does quick heal protect from watering hole attack ?
Reply
- Rajiv Singha • June 11, 2013 at 10:27 AM
  
  Hi Mr. Paranjpe,
  
  Quick Heal web security feature comprises two important tools that are designed to reduce the risks of watering hole attacks.
  
  First is the real time cloud-based security protection. It blocks access to malware-infected websites, or websites that carry out phishing or fraudulent activities.
  
  The other security feature is the browser sandbox. It creates an isolated virtual environment for your internet browser. So, even if you visit any malicious website, your computer won’t be affected. You can read more about this feature here.
  
  Regards,
  Reply
Meraj Uddin Khan • June 10, 2013 at 10:33 PM

Thanks. Its good piece of information.
Reply
B K Srivstava • June 10, 2013 at 11:50 PM

does your system protecting us from such incidents protect your clients ? And how ?
Reply
syed muniruddin • June 10, 2013 at 11:56 PM

Thanks Rajib for the info.
Reply
avishek • June 11, 2013 at 7:21 AM

very informative!
Reply
rajul saxena • June 11, 2013 at 9:21 AM

thanks sir
Reply
PRADEEP VERMA • June 11, 2013 at 10:01 AM

Nice and useful information in well presented way.
Reply
Hrushi Sonar • June 11, 2013 at 10:20 AM

Really good info regarding the watering hole attack.
Thank you.

Hrushi Sonar.
Reply
ganesh • June 11, 2013 at 10:54 AM

mujhe lagta hai quikheal jeisa antivirus pure world me dusra koi nahi hai
Reply
Minhaj Ahmad Khan • June 11, 2013 at 1:10 PM

Very informative, please carry on giving such things so that common users also get some knowledge of these.
Reply
Monica Dharkar • June 11, 2013 at 2:17 PM

Good job! You are protecting your clients well with forewarning info. Thanks.
Reply
Rohan Das • June 11, 2013 at 3:03 PM

thanx sir
Reply
jaydeep • June 11, 2013 at 4:56 PM

great and nice
Reply
dipak rkr. karmakar • June 11, 2013 at 6:05 PM

i renew the quick heal on 9th June2013, validity given upto26th Nov 2014, but it is not work properly at my desktop, pl. help immediately. thanking you, yours dipak
Reply
- Soumya Patnaik • June 11, 2013 at 6:06 PM
  
  Hi Dipak
  
  Please get in touch with our support at +91 927-22-33-000
  
  Regards,
  Reply
Manoj Pathak • June 11, 2013 at 7:15 PM

Very good information provided by the Quick Heal people.
Thanx
Reply
Anuj • June 11, 2013 at 8:56 PM

Good images and content on watering hole attack. thanks a lot!
Reply
prithish babu • June 11, 2013 at 10:15 PM

Really good job.But want to clearly know the role of cloud service in security solutions,in detailed.Plz provide with clear info. thank you!
Reply
- Rajiv Singha • June 15, 2013 at 12:11 PM
  
  Hi Pritish,
  
  Over thousands of malware come up on daily basis. Data about malware from anonymous sources and dedicated organizations are fed to a repository we know as “cloud”. Quick Heal studies, analyzes, and works on this data, to identify new threats and come up with patches/fixes. These fixes (in the form of regular updates) are then streamed across its home and enterprise customers constantly thus, providing real-time protection.
  
  Regards,
  Reply
Deeapk Verma • June 12, 2013 at 3:20 AM

i have installed new antivirus of quick heal, but i am unable to upload it . it has sep 2013 validity.
Reply
- Rajiv Singha • June 12, 2013 at 9:18 AM
  
  Hello Mr. Verma,
  
  Please get in touch with our support at +91 927-22-33-000.
  
  Regards,
  Reply
Naman Belwal • June 12, 2013 at 7:15 AM

Excellent, detailed update. Highly appreciated.

Regards,
Reply
Punit • June 12, 2013 at 12:01 PM

I appreciate the desirous activities of Quick Heal People who are working to curb the viruses, with zeal, hard work and intelligence of course.
Reply
Bhavesh Parekh • June 12, 2013 at 1:45 PM

Good Information.
Reply

Watering Hole Attack – An Overview

Rajiv Singha

You may also like...

How Vulnerable is your Small and Medium-sized Business? [UPDATED]

Spear Phishing targets Microsoft to amass large numbers of credentials

Logjam Vulnerability: Why You Need to Upgrade Your Browsers

25 Comments

Cancel reply