Watering Hole Attack
What is Watering Hole Attack?
Watering Hole AttackA targeted attack that compromises a website frequently visited by a specific group of users in order to infect them when they browse it.
In a watering hole attack, the attacker first profiles the victim community — employees of a target organization, government workers, members of a niche industry — and identifies websites they trust and visit often. The attacker then compromises one of those sites or injects malicious code into a third-party resource it loads, so that visitors are silently exploited by drive-by downloads, fingerprinted, or redirected to credential phishing pages. Targets are often filtered by IP range, user agent, or geography to keep the campaign stealthy. Defences include patching browsers and plugins, EDR, application allowlisting, web filtering, content security policies and strict separation between personal browsing and high-value workstations.
● Examples
- 01
Attackers compromise an industry trade-association website used by employees of multiple defence contractors.
- 02
Malicious JavaScript on a popular developer forum delivers exploits to visitors from a single targeted company.
● Frequently asked questions
What is Watering Hole Attack?
A targeted attack that compromises a website frequently visited by a specific group of users in order to infect them when they browse it. It belongs to the Attacks & Threats category of cybersecurity.
What does Watering Hole Attack mean?
A targeted attack that compromises a website frequently visited by a specific group of users in order to infect them when they browse it.
How do you defend against Watering Hole Attack?
Defences for Watering Hole Attack typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Watering Hole Attack?
Common alternative names include: Strategic web compromise.