• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Cyber Security Term: “Watering Hole Attack”

Imagine you are in Africa on a photo safari. You’re in your 4WD vehicle, upwind of the animals who are gathering at a pool of clear water. Zebras and water buffalo herds claim their section of the shoreline, while in the distant tall grass, a pride of lions waits. The vulnerability of the animals drinking at the watering hole is something well understood and the reason tourists are often brought nearby to await the inevitable “circle of life” drama.


Now, imagine you are the online version of a predator or more commonly known as a cybercriminal. If you can infect a popular website where like-minded people come for information, perhaps on a political topic, a social cause or for information about a conference, you can target a particular group via malware. In last year’s Internet Security Threat Report, Symantec researchers found that the “watering hole” technique was being used increasingly to attack small business, often as a stepping stone towards infecting large enterprise targets.

Attacks of this kind may exploit vulnerabilities or “holes” in our most popular browser software or browser add-on’s like Java. This means simply keeping those programs updated is a crucial step in small business security efforts. Make sure all employees know to use auto-updating features or to periodically check which version of their browser and related software they are using.

We’ve seen this method used since 2009 but most recently to attack a large US government agency and today, the Chinese speaking supporters of the Dalai Lama.

Dalai Lama’s Chinese Website Hacked: http://www.pcmag.com/article2/0,2817,2423014,00.asp

Symantec Internet Security Threat Report Reveals Increase in Cyberespionage - Including Threefold Increase in Small Business Attacks: http://www.symantec.com/about/news/release/article.jsp?prid=20130415_01

New Internet Explorer 8 Zero Day Used in Watering Hole Attack http://www.symantec.com/connect/blogs/new-internet-explorer-8-zero-day-used-watering-hole-attack