I learned something this week (end of May, 2013) and wanted to share it with you. I had not heard of waterhole attacks before, and I think the term is clever.
First, a bit of background: waterhole attacks are related to spearphishing. Spearphishing is a targeted version of phishing: instead of sending a generic lure to thousands of addresses, the attacker customizes the message for a particular individual or organization. A waterhole attack applies the same targeting idea, but instead of sending the victim anything, the attacker goes to where the victim already browses.
Most mammals need to drink water fairly regularly to survive. (The Fat-tailed Dunnart (Sminthopsis crassicaudata) and some other small mammals get their water from the seeds or insects they eat.) Because of this, predators in arid climates hang out at watering holes and wait for prey to come to them. If you watch NatGeo or Discovery Channel, or some shows on Channel 4 in the UK, you have probably seen this. The attack is named by analogy: the attacker waits at a site the prey is known to visit.
Bad actors know that, say, the IT staff at a target company are likely to frequent a particular site, such as a vendor's support forum or an industry news site. So the attackers compromise that site and use it to deliver malware, either as a download the visitor is tricked into running or as a drive-by exploit that runs when the page is simply loaded. Because that site's audience is made up largely of the intended victims, the malware is far more likely to reach them than a broadly scattered campaign would be. The payload could be anything, but these days it is most likely a tool for stealing information from the target.
So how do you prevent waterhole attacks? At bottom, a waterhole attack is just a compromised website; the attacker merely chooses which websites to compromise based on who visits them. That means the usual defenses against compromised sites apply: keep browsers and their plugins patched, run good anti-malware tools, check links for safety when you can, and download software or binaries of any kind only from trusted sources. You can also try periodic checks of the organization's favorite sites for signs of compromise, such as injected scripts or hidden frames that were not there before, but that is not easy: legitimate site changes look much the same, and an attacker may serve the malicious content only to visitors coming from the targeted organization's addresses.
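As a concrete version of the "periodic check" idea, here is an added example (not code from the original post or from Learning Tree): a small Python script that compares a known-good snapshot of a page with a fresh copy and reports external hosts and inline scripts that were not there before. The HTML snapshots and hostnames in it are constructed for illustration; in practice you would fetch the current page yourself and keep the baseline from a time the site was believed clean.

```python
"""Compare a page against a known-good baseline and flag newly injected content.

Added example, not from the original post. Assumptions: a baseline HTML snapshot
exists for each monitored page, and any external script/iframe host or inline
script that was not in the baseline is worth a look. Samples are constructed.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class _PageInventory(HTMLParser):
    """Collect the external hosts a page loads code from, plus hashes of inline scripts."""

    # Tags whose attribute can pull in executable or framed content from elsewhere.
    TAG_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.hosts = set()          # external hosts referenced by the tags above
        self.inline_hashes = set()  # sha256 of each inline <script> body
        self._in_inline_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        attr_name = self.TAG_ATTRS.get(tag)
        if attr_name is None:
            return
        url = dict(attrs).get(attr_name)
        if tag == "script" and not url:
            self._in_inline_script = True   # inline script: hash its body at </script>
            self._buf = []
            return
        host = urlparse(url or "").hostname  # None for relative URLs (same origin)
        if host and host.lower() != self.page_host:
            self.hosts.add(host.lower())

    def handle_data(self, data):
        if self._in_inline_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline_script:
            body = "".join(self._buf).strip()
            if body:
                self.inline_hashes.add(hashlib.sha256(body.encode()).hexdigest())
            self._in_inline_script = False


def inventory(html, page_host):
    parser = _PageInventory(page_host)
    parser.feed(html)
    parser.close()
    return parser.hosts, parser.inline_hashes


def check_for_injection(baseline_html, current_html, page_host, allowed_hosts=()):
    """Report external hosts and inline scripts present now but absent from the baseline.

    Anything reported is a lead to investigate, not proof of compromise: a new CDN
    or analytics tag added by the site owner shows up here too, which is why an
    allow-list of known-legitimate hosts is accepted.
    """
    base_hosts, base_inline = inventory(baseline_html, page_host)
    cur_hosts, cur_inline = inventory(current_html, page_host)
    allowed = {h.lower() for h in allowed_hosts}
    return {
        "new_hosts": sorted(cur_hosts - base_hosts - allowed),
        "new_inline_scripts": len(cur_inline - base_inline),
    }


# Constructed sample: a snapshot of a forum page taken when it was believed clean.
BASELINE = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example-forum.test/lib.js"></script>
<script>var tracker = 'forum';</script>
</head><body><p>Welcome to the IT forum.</p></body></html>
"""

# Constructed sample: the same page with the two changes a watering-hole compromise
# typically leaves behind, a hidden iframe to an attacker host and an obfuscated script.
COMPROMISED = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example-forum.test/lib.js"></script>
<script>var tracker = 'forum';</script>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74'));</script>
</head><body><p>Welcome to the IT forum.</p>
<iframe src="//stats-update.invalid/c.php" width="0" height="0" style="display:none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    print(check_for_injection(BASELINE, COMPROMISED, "www.example-forum.test"))
```

Run on a schedule against each site your users frequent, this catches the crude injections (a new third-party script tag, a zero-size iframe). It will not catch a compromise that is served only to selected visitors, so it complements rather than replaces endpoint defenses.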
The biggest and most important tool, though, is user education. Tell your users about waterhole attacks. Let them know that even familiar, trusted sites can be compromised, and that an unexpected prompt to install or run something from such a site is a warning sign rather than a convenience. Organizations that are particularly "interesting" targets need to be especially diligent.
Phishing, waterhole attacks and other attack vectors are the type of material we cover in Learning Tree Course 468, System and Network Security. We cover both the attacks and the appropriate countermeasures. The goal is to help you understand the issues and be prepared to deal with them, even if the specifics are covered in a follow-on course. We'd love to hear what you're doing about waterhole attacks and compromised websites in general. Let us know in the comments below.