Computer users who are well versed with security threats know why and how clever phishing pages must be avoided. Clear signs help to identify fake phishing pages but what does one do against a “watering hole attack”?
What exactly is a watering hole attack?
A watering hole attack is a technique whereby users are profiled and the websites they visit are known by the attacker. Such websites are then infected with malware. Attackers compromise commonly visited websites to inject malicious JavaScript or HTML codes in order to redirect the victim to other malicious pages. On the victim’s machine, this effectively works like a zero-day attack.
In phishing attacks, masses of people are targeted simultaneously. For instance, phishing attacks are carried out against Facebook users or Gmail users. Phishing attacks are more widespread in nature and target a larger amount of people. On the other hand, watering hole attacks are narrowed down to target specific users only. So the infected websites are like a ‘watering hole’ where an attacker waits for his victims, like a predator waits for his prey. (Watering holes are depressions in the ground where water accumulates and animals go to satisfy their thirst. In jungles and wild terrains, predators wait for their prey to reach these watering holes and attack them.)
How does a watering hole attack work?
When a victim visits a compromised page, or the watering hole, his machine is scanned and checked for various requirements. If the web browser and the machine match these needs, he is sent to a malicious page that hosts malware infected code. In a scenario like this, unpatched operating systems, web browsers and out of date system protection software are highly vulnerable.
For instance, a watering hole attack will first ascertain which web browser a potential victim uses and the version of the browser as well. Then it will check if vulnerable programs like Adobe Flash or Java are installed. Subsequently, the system language of the machine will be found out. If any of these checks do not match, a blank page will be displayed. But if all the conditions are met, then a cookie is unloaded into the machine. Compromised machines are then targeted or redirected to infected websites or fake versions of legitimate websites.
In contrast to phishing attacks, watering hole attacks are aimed at people who visit websites that do not see heavy traffic. Websites that get a lot of visitors (like Facebook or Gmail) are more feasibly targeted directly with phishing attacks. Watering hole attacks also require plenty of prior research and work by the attacker.
With the rise in cases of cyber crime and cyberespionage, watering hole attack tactics are commonly used to target victims from specific industries like financial services, healthcare, defense, government, academia and utilities.
As precautionary measures, computer users are strongly advised to update the programs on their machine to the latest versions. They should also utilize an effective security solution and remain aware about the nature of threats that are present on the web.
34 Comments
watering hole attack work is how to come?????????
Hi,
Basically, watering hole attacks are designed to know where a victim will go on the Internet. When the victim does go somewhere, the attack gets initiated.
Regards.
pl hlp me
Hi Mani,
If you are facing some issue and require our assistance, you can contact our support team on 927-22-33-000. Alternately, you can also visit this link to submit a ticket – https://www.quickheal.co.in/submitticket.asp. Once done, our support team will contact you with a solution.
Regards.
What QH can do in preventing a wild animal (computer user) from going to a
waterhole (malicious website) for drinking? A very good analogy. Getting
frightened.
Hi Dr. Mitra,
Quick Heal actively blocks malicious websites that can cause harm on a user’s machine. When a user visits such a website, an alert is displayed by Quick Heal to prevent infection.
Regards.
Really a very nice blog,
Thanks rahul for updating us and precisely bifurcating the PHISING nad WATERY HOLE ATTACKS
i codn`t understand about it.
Hi Abul,
Basically, watering hole attacks are designed to know where a victim will go on the Internet. When the victim does go somewhere, the attack gets initiated.
Regards.
Since the last 4-5 days, whenever I visit http://www.pogo.com, it asks me to update my version of Java. Can someone tell me if this is a genuine request or if it is a waterholing attempt
Hi Aziz,
The website probably requires Java to run certain features. Off late, Java has faced several security flaws. It is advisable to disable Java from your browser.
Regards.
On visiting a website(watering hole) how the user’s machine is scanned where the outer program has no permission to do that.
Hi Kunal,
Websites unload cookies on a browser when a machine visits them. This enables them to change the preferences of the website when the user visits again. Some malicious websites use this feature to track the user’s browsing habits and to gather information about the browser or the machine itself.
Regards.
Sir,
Its really scary out there suring on internet.
May you kindly advice me how to avoid waterholes and any other threats since I mostly surf through websites for research on android codes (like https://www.xda-developers.com) and that requires going to places that are very likely to be infected.
And also a word of advice about reliability on browser Chrome regarding safety of constant use of credit cards through online shopping websites (like https://www.snapdeal.com) and frequent downloads of music and video files(like https://mp3skull.com).
Does QH Total Security 2013 protects my credit card and my computer form these threats.
Thanks in advance,
Regards
Danny
Hi Danny,
Yes Quick Heal protects your machine against any malicious files that you may download. Phishing pages are also blocked so credit card transactions can be carried out without fear. Browsing protection also provides you with security when you are surfing the web.
Regards.
I am not a computer engineer, but i am working on computer since 2005, and using quik heal for the last 10 years, the results are marvelous, i am not aware of “watering hole attack”,
but every information is important for us.
CANT UNDERSTAND ADVANTAGE OF IT IN SECURITY
Hi Bhagwat,
It is necessary to be aware of the various types of attacks that pose a threat while browsing the web. While phishing attacks get a lot of media coverage and exposure, watering attacks are something that not many people are aware of. As always, awareness leads to foolproof security.
Regards.
Sir, does the same problem possess a ‘threat’ even when surfing in a Linux OS like Fedora 14 or Ubuntu?
Hi Pankaj,
Phishing attacks do exist over these kinds of platforms as well. Such attacks are not dependent on the OS of the machine. Rather, it preys on the negligence and the carelessness of users.
Regards.
Plz help me
Hi Ajay,
Please visit this link to submit a ticket – https://www.quickheal.co.in/submitticket.asp. You will need to enter some details about your issue and our support team will contact you with a solution.
Regards.
When I Open MS Excel 2003 the virus comes from macro so how can i solve it, if i put security high file doesnt open
Hi Amit,
Please visit this link to submit a ticket about your issue – https://www.quickheal.co.in/submitticket.asp. Our support team will contact you and provide you with the necessary assistance.
Regards.
Presently I’m using quickheal total security 2012, whose subscription ends around mid-March. So, if I renew the subscription will it provide me with the latest features of quickheal total security 2013?
Hi Pankaj,
If you renew the subscription now, you will certainly get all the latest features of Total Security 2013. Additionally, you will also get an additional 2 months of the license as bonus. Kindly visit this page to renew your license – https://www.quickheal.com/in/en/renew/.
Regards.
my antivirus is not giving virus protection
Hi Rahul,
Kindly visit this link – https://www.quickheal.co.in/submitticket.asp. Once you submit a ticket, our support team will get back to you with a solution.
Regards.
can you help me please ! to safe from watering hole attacks vs phishing attacks ?
Hi Deo,
If you have Quick Heal installed on your machine, you will be protected against such attacks. Any malicious pages that you visit while browsing the web will be instantly red flagged as dangerous and you will receive an alert for the same.
Regards.
what can I do ? I could not find any solution.
Hi,
Where i can find all patches of quick heal antivirus and its uses.
Hi Ravi, I you need any technical assistance please contact our support team at https://www.quickheal.com/submitticket, you can refer to our forums too at https://forums.quickheal.com.