Web security basics: Watering hole attacks VS phishing attacks


Computer users who are well versed in security threats know why and how clever phishing pages must be avoided. Clear signs help to identify fake phishing pages, but what does one do against a “watering hole attack”?

What exactly is a watering hole attack?
A watering hole attack is a technique in which the attacker profiles users and learns which websites they visit. Such websites are then infected with malware. Attackers compromise commonly visited websites to inject malicious JavaScript or HTML code in order to redirect the victim to other malicious pages. On the victim’s machine, this effectively works like a zero-day attack.

In phishing attacks, masses of people are targeted simultaneously. For instance, phishing attacks are carried out against Facebook users or Gmail users. Phishing attacks are more widespread in nature and target a larger number of people. On the other hand, watering hole attacks are narrowed down to target specific users only. So the infected websites are like a ‘watering hole’ where an attacker waits for his victims, like a predator waits for his prey. (Watering holes are depressions in the ground where water accumulates and animals go to satisfy their thirst. In jungles and wild terrains, predators wait for their prey to reach these watering holes and attack them.)

How does a watering hole attack work?
When a victim visits a compromised page, or the watering hole, his machine is scanned and checked for various requirements. If the web browser and the machine match these needs, he is sent to a malicious page that hosts malware-infected code. In a scenario like this, unpatched operating systems, web browsers and out-of-date system protection software are highly vulnerable.

For instance, a watering hole attack will first ascertain which web browser a potential victim uses and the version of the browser as well. Then it will check if vulnerable programs like Adobe Flash or Java are installed. Subsequently, the system language of the machine will be found out. If any of these checks does not match, a blank page will be displayed. But if all the conditions are met, then a cookie is placed on the machine. Compromised machines are then targeted or redirected to infected websites or fake versions of legitimate websites.
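From the site owner's side, the injected JavaScript or HTML described above can be caught by auditing served pages for content loaded from unexpected origins. The following is an added example, not code from the original post; the allowlist, the host names and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only origins this site is expected to load content from.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}

# Constructed sample: a served page with two injected elements.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="//stats.injected.invalid/c.js"></script>
</head><body>
<iframe src="https://landing.injected.invalid/" width="0" height="0"></iframe>
<iframe src="https://www.example.org/map" width="600" height="400"></iframe>
</body></html>"""

class InjectionAuditor(HTMLParser):
    """Records script, iframe and meta-refresh targets outside the allowlist."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []  # (element, host, looks_hidden)

    def _check(self, element, url, attrs):
        host = urlparse(url).hostname  # None for relative, same-site URLs
        if not host or host.lower() in self.allowed:
            return
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = (attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
                  or "display:none" in style)
        self.findings.append((element, host.lower(), hidden))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "iframe") and attrs.get("src"):
            self._check(tag, attrs["src"], attrs)
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content has the form "0; url=https://host/path"
            _, _, target = (attrs.get("content") or "").partition("=")
            if target:
                self._check("meta-refresh", target.strip(" '\""), attrs)

def audit(html, allowed_hosts=ALLOWED_HOSTS):
    parser = InjectionAuditor(allowed_hosts)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for element, host, hidden in audit(SAMPLE_PAGE):
        print(f"unexpected {element} from {host} (hidden={hidden})")
```

Run against pages fetched from the live site on a schedule, a non-empty result is a prompt to compare the page with the version in source control.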


In contrast to phishing attacks, watering hole attacks are aimed at people who visit websites that do not see heavy traffic. Websites that get a lot of visitors (like Facebook or Gmail) are more feasibly targeted directly with phishing attacks. Watering hole attacks also require plenty of prior research and work by the attacker.

With the rise in cases of cyber crime and cyberespionage, watering hole attack tactics are commonly used to target victims from specific industries like financial services, healthcare, defense, government, academia and utilities.

As precautionary measures, computer users are strongly advised to update the programs on their machine to the latest versions. They should also utilize an effective security solution and remain aware of the nature of threats that are present on the web.

Rahul Thadani

34 Comments
jiaur rahaman
7 years ago

watering hole attack work is how to come?????????

mani
7 years ago

pl hlp me

Dr. SARAL KUMAR MITRA
7 years ago

What QH can do in preventing a wild animal (computer user) from going to a
waterhole (malicious website) for drinking? A very good analogy. Getting
frightened.

sameer
7 years ago

Really a very nice blog,

Thanks Rahul for updating us and precisely bifurcating the PHISHING and WATERY HOLE ATTACKS

Abul Khoyer
7 years ago

I couldn't understand about it.

Aziz
7 years ago

Since the last 4-5 days, whenever I visit http://www.pogo.com, it asks me to update my version of Java. Can someone tell me if this is a genuine request or if it is a waterholing attempt?

kunal
7 years ago

On visiting a website (watering hole), how is the user’s machine scanned where the outer program has no permission to do that?

Danny
7 years ago

Sir, it's really scary out there surfing on the internet. May you kindly advise me how to avoid waterholes and any other threats since I mostly surf through websites for research on Android codes (like https://www.xda-developers.com) and that requires going to places that are very likely to be infected. And also a word of advice about reliability on browser Chrome regarding safety of constant use of credit cards through online shopping websites (like https://www.snapdeal.com) and frequent downloads of music and video files (like https://mp3skull.com). Does QH Total Security 2013 protect my credit card and my computer from these threats? Thanks in advance,…

ARUN PRASHAR
7 years ago

I am not a computer engineer, but I have been working on computers since 2005 and using Quick Heal for the last 10 years. The results are marvelous. I am not aware of “watering hole attack”, but every information is important for us.

BHAGWAT SARAF
7 years ago

CAN'T UNDERSTAND ADVANTAGE OF IT IN SECURITY

Pankaj Roy
7 years ago

Sir, does the same problem pose a ‘threat’ even when surfing in a Linux OS like Fedora 14 or Ubuntu?

Ajay
7 years ago

Plz help me

Amit Joshi
7 years ago

When I open MS Excel 2003 the virus comes from a macro, so how can I solve it? If I put security on high, the file doesn't open.

Pankaj Roy
7 years ago

Presently I’m using quickheal total security 2012, whose subscription ends around mid-March. So, if I renew the subscription will it provide me with the latest features of quickheal total security 2013?

rahul shekhawat
7 years ago

my antivirus is not giving virus protection

deo gurung
7 years ago

Can you help me please to stay safe from watering hole attacks vs phishing attacks?

deo gurung
7 years ago

What can I do? I could not find any solution.

Ravirajhn
7 years ago

Hi,

Where can I find all patches of Quick Heal antivirus and its uses?

Nikhil More
7 years ago
Reply to  Ravirajhn

Hi Ravi, if you need any technical assistance please contact our support team at https://www.quickheal.com/submitticket. You can refer to our forums too at https://forums.quickheal.com.

trackback

[…] protection and browser sand box. The cloud-based protection blocks malware-infected websites (“watering holes”), and the sandbox shields the user’s system against zero-day attacks. As everyday Internet […]
