Watering hole attacks are a recent development in the cat-and-mouse game between information security professionals and hackers. Watering hole attackers use sneaky techniques to lure unsuspecting users and infect their systems with malware. In this video, Mike Chapple explains how attackers infect commonly visited sites with malware in watering hole attacks.
- [Announcer] Watering hole attacks are a recent development in the cat-and-mouse game between information security professionals and hackers. Watering hole attacks use sneaky techniques to lure unsuspecting users and infect their systems with malware. In nature, a watering hole is a place that animals gather, particularly in dry climates. It's important that animals visit the watering hole, because the water there is essential to their survival. But, there are also significant risks involved. First, diseases can spread easily at watering holes, because all of the animals drink from a common source.
Second, predators can lie in wait at the watering hole, waiting for prey to show up in need of a drink and then attack. In the electronic world, websites are a great way to spread malware. When a user visits a website, he or she trusts it, to some extent. It's the digital equivalent of approaching someone you trust as opposed to being solicited by an unknown stranger. Web browsers, as well as browser add-ins and extensions, are common points of vulnerability, and frequently exploited in attacks.
Watering hole attacks are an example of a type of attack known as client-side attacks. These attacks don't necessarily exploit security issues on the server. Rather, they use malicious code and other attacks that exploit vulnerabilities in the client accessing the server. Watering hole attacks often cause popup warnings, but users are conditioned to click "OK" to security warnings to get them out of the way and move on to the content they requested. Attackers can take advantage of this by installing malware on a website and letting users come to them.
They can't just build their own sites, however. There are two reasons for this. First, the obvious one. Nobody would visit. Would you go to attackmycomputer.com? Second, security professionals often use blacklisting. That's a security control that builds lists of known malicious sites, and then blocks them with content filters at the network border, preventing infections. In a watering hole attack, the attacker uses commonly visited sites without the website owner's knowledge.
In the first step of this attack, the attacker identifies and compromises a highly targeted website that their audience is likely to visit. Next, the attacker chooses a client exploit that will breach the security of website visitor browsers, and then bundles in a botnet payload that joins infected systems to the botnet. Then, the attacker places the malware on the compromised website, and then simply sits back and waits for infected systems to phone home. Watering hole attacks are especially dangerous because they often come from otherwise trusted websites.
Attackers using this technique can gain access to highly targeted systems and find the proverbial needle in a haystack, because the victim comes to them. Website owners and web users alike must remain current on security patches to prevent falling victim to watering hole attacks.
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities