Not every attack against a company will be a direct assault on its cybersecurity infrastructure. In a watering hole attack, malicious actors will try to take an indirect approach through a third party and hack a service or system that they know company employees use. This attack type can be extremely difficult to detect until something has gone wrong, and it tries to catch users when they have willingly gone to a website or service for professional or personal use while they are working.
What is a Watering Hole Attack?
A watering hole attack targets a business by planting malicious code inside of a third-party website, service, or application that its employees use regularly. This way, when an employee of the target company clicks on the malicious link planted by hackers, they are extremely unlikely to believe something has gone wrong. These attacks are uncommon compared to phishing emails, for example, because they are extremely targeted and require research into the websites and services a target business uses. However, they are also extremely effective because a user will typically have little chance to notice the service they use regularly has been compromised before it’s too late.
Compromising Trusted Third Parties
Watering hole attacks can be a strategy malicious actors use to access organizations that are well guarded against the usual forms of attack. It works well because it relies on breaking into a network that the target business cannot know has been breached because it’s a third-party company. Once inside of a website, malicious actors can plant code in ads and commonly used hyperlinks, or they can trick users into handing over their credentials. Many people will be more likely to retry their credentials during a watering hole attack because they went to a trusted site on their own, rather than being directed there through an email.
Watering Hole Defense
Due to being an indirect way of hacking a network, watering hole attacks can be difficult to defend against, but with the proper training and strong cybersecurity tools, a company can become resilient to this attack strategy. First, employees must be trained to notice odd activity on trusted websites. Often, a small detail like being asked to log in twice can give the attack away. Cybersecurity tools that monitor internet traffic are effective in defending from watering hole attacks. A DNS security service, for example, will verify that requests are not made to a malicious server while an employee uses websites and apps on the internet.
Summary
Watering hole attacks demonstrate that small businesses can never be too vigilant when it comes to cybersecurity. They are a rare form of attack because malicious actors must put in a large amount of effort to target a specific business, but the effort can quickly become worth it if they trick an employee with access to sensitive data. Here at Robinett Consulting, we recommend coupling cybersecurity training with strong security services to help make your business more resilient to watering hole attacks and other attack strategies!