#6. Watering-hole attacks

A combination of drive-by downloads and spear-phishing ends up with what's called a 'watering-hole' attack. The attackers study the behavior of people who work for a target organization, to learn about their browsing habits. Then they compromise a web site that is frequently used by employees – preferably one that is run by a trusted organization that is a valuable source of information.  Ideally, they will use a zero-day exploit. So when an employee visits a web page on the site, they are infected – typically a backdoor Trojan is installed that allows the attackers to access the company's internal network.  In effect, instead of chasing the victim, the cybercriminal lies in wait at a location that the victim is highly likely to visit – hence the watering-hole analogy.

A classic case of watering-hole attack is Winnti attacks, were a Flash Player exploit on a care-giver web site that supports Tibetan refugee children, the ‘Tibetan Homes Foundation’. It turned out that this web site was compromised in order to distribute backdoors signed with stolen certificates from the Winnti case.

Also Read:

IT Firms Misuse Social Media For Polls: Cobrapost

Mobile Internet Drives Up Subscriber Base To 198 Mn