Know what a watering-hole attack is? It refers to attackers compromising a website and using it to serve malicious code, in advance of their desired target visiting the site. The watering-hole technique has been used in numerous attacks, including exploits of Google committed by the so-called Aurora gang. This technique has also been used in the recent past against Apple, Facebook, and Twitter.
Using malicious Internet sites to infect computers is not new; phishing attacks lure computer users to malicious sites to be infected all the time. However, watering-hole attacks are a bit different in that the compromised website is usually one that specifically targets employees of companies whose computer networks the bad guys want to ultimately infiltrate.
According to an Information Week.com article, in the Microsoft attack, the compromised website was one that software developers frequently visit. In this way they were able to target Microsoft programmers, and other programmers who visited that site, to infect their computers. But the end game in these attacks is to then infect the computers and networks of the company the programmers work for the next time they use that computer at work. Why programmers? Because they usually have a high-level of security authorization for their company’s networks and systems; thus allowing the malware their computers now carry to assume that security authorization and use it to infiltrate the company’s networks to locate and steal company secrets, software, and anything else they find of value.
Be very careful…it’s dangerous out there.
Please comment on this article; we all learn from each other when our views and opinions are shared.
I hope you enjoyed this article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.
Remember, personal computing is a blast…keep it productive and enjoyable.
I’m also on Twitter, @PaulsInternet.
Images courtesy of FreeDigitalPhotos.net and FreeByte.com