What is a watering hole attack + how to prevent one

August 20, 2021

A watering hole attack is a targeted cyberattack whereby a cybercriminal compromises a website or group of websites frequented by a specific group of people. 

The end goal is often to infect victims’ devices with harmful malware and gain unauthorized access to personal or organizational databases. The result is not only frustrating but can also put your device and personal data at risk.

All this to say, no one wants to be a victim of a watering hole attack. This is why we’re breaking down exactly what a watering hole attack is and tips for how to avoid watering hole attacks from the start.

What is a watering hole attack?

By definition, a watering hole attack is a cyberattack grounded in a bit of a betting game: cybercriminals discern which websites their victims frequent and attack those sites, often by infecting them with malware.

You might think of it like how a lion attacks its prey, targeting the place animals gather most — watering holes — and striking when they least expect it. Not to mention, with so much prey all in one place, the lion can attack more victims than it would if these animals were spread out.

Similarly, for cybercriminals, this can be one of the most effective ways to reach a large swath of victims. After all, it’s easier to hack a bunch of devices at once, rather than attacking them one by one. 

How does a watering hole attack work?


Successfully pulling off a watering hole attack requires quite a bit of planning from a cybercriminal:

  1. A cybercriminal identifies websites their victims frequent, usually based on their interest or demographics.
  2. The cybercriminal creates a similar, fraudulent website or finds vulnerabilities in existing sites their victims frequent and oftentimes compromises them with malware.
  3. Victims visit the infected site and their devices are compromised, oftentimes by malware being downloaded on their devices.
  4. The cybercriminal gains unauthorized access to sensitive information or confidential data on the victims’ devices or connected servers.
  5. The cybercriminal carries out fraudulent acts such as identity theft using the information they’ve extracted.

Similar cyberattack tactics

Watering hole attacks can be considered a combination of hacking techniques. And the more you’re aware of these, the more likely you’ll be able to keep an eye out for them in the future. 

  • Supply chain cyberattacks are when hackers infiltrate a trusted software or IT service company, oftentimes to inject malware into software updates the service company installs on its customers’ computers.
  • Honeypot cyberattacks involve a computer or computer system intended to mimic likely targets of cyberattacks. A honeypot can be used to detect attacks or deflect them from a legitimate target.
  • Man-in-the-middle cyberattacks are a manipulative technique in which hackers set up a legitimate website or service and, from there, lure users to share their sensitive information.
  • Tailgating is a cyberattack where a cybercriminal tricks employees of a certain company into helping them gain unauthorized access to the company database.
  • Social engineering is when a cybercriminal manipulates someone to divulge sensitive or confidential information, oftentimes through digital communications.

5 tips to prevent watering hole attacks


Now that you know what a watering hole attack is, it’s important to know how to avoid one. Follow these tips for watering hole attack prevention to keep you and your information safe and secure.

1. Practice computer security

It’s important to keep your computer secure. But sometimes, the simplest tasks can slip our minds. When it comes to computer security, be sure to stay safe and secure with these tips: 

  • Only visit secure sites, meaning ones with HTTPS in the URL.
  • Keep your software updated.
  • Consider installing antivirus software on your devices to flag cyber threats.

2. Keep work and personal resources separate

Keeping your work and personal resources separate on different drives can not only help organize your information but also can keep your data safe. This way, if you do experience a cyberattack, all of your important information won’t be compromised at once.

3. Be wary of third-party sites

Third-party sites are sites that are not operated or controlled by a government or trusted entity — and cybercriminals love to make them. For this reason, only access websites by searching for them yourself rather than clicking on an unsolicited link sent to you via email, on social media, or through other digital means. The link could lead you to a third-party site infected with malware.

4. Know the red flags of watering hole attacks

Watering hole attacks can be complex, but there are a few key ways to identify whether you’re being targeted or have become a victim of a targeted attack:    

5. Monitor your internet traffic with antivirus 

Finally, it’s essential to monitor your internet traffic and identify sites that may be shady or compromised. One of the best ways to do this is by installing antivirus software that will monitor your internet traffic and stop cyber threats before you even realize they exist.
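As an added example (not part of the original article or any Norton product), here is one way traffic monitoring can surface a compromised site your group visits regularly: learn which hosts that site normally loads content from, then flag requests to hosts it has never used before, rating executable downloads as high severity. The log format, host names, content types, and cutoff date are all constructed assumptions.

```python
from collections import defaultdict

# Content types that indicate a binary download rather than page content.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream"}

# Constructed sample proxy log (not real traffic). Fields:
# timestamp  client  referring_site  requested_host  content_type
SAMPLE_LOG = """\
2021-08-02T09:01:10 pc-01 tradenews.example cdn.tradenews.example text/javascript
2021-08-02T09:05:42 pc-02 tradenews.example cdn.tradenews.example text/javascript
2021-08-03T10:12:00 pc-03 tradenews.example fonts.static.example font/woff2
2021-08-09T09:02:31 pc-01 tradenews.example cdn.tradenews.example text/javascript
2021-08-09T09:02:32 pc-01 tradenews.example upd-check.invalid text/javascript
2021-08-09T09:02:40 pc-01 tradenews.example upd-check.invalid application/x-msdownload
2021-08-09T11:20:05 pc-02 tradenews.example upd-check.invalid text/javascript
"""

def parse(log):
    """Split each non-empty line into its five whitespace-separated fields."""
    return [tuple(line.split()) for line in log.splitlines() if line.strip()]

def build_baseline(events, cutoff):
    """Map each referring site to the hosts it loaded before the cutoff."""
    baseline = defaultdict(set)
    for ts, _client, site, host, _ctype in events:
        if ts < cutoff:  # ISO 8601 timestamps sort correctly as strings
            baseline[site].add(host)
    return baseline

def find_anomalies(events, baseline, cutoff):
    """Flag post-cutoff requests from a known site to a host outside its baseline."""
    alerts = []
    for ts, client, site, host, ctype in events:
        if ts < cutoff or site not in baseline or host in baseline[site]:
            continue
        severity = "high" if ctype in EXECUTABLE_TYPES else "medium"
        alerts.append((ts, client, site, host, severity))
    return alerts

def run_sample(cutoff="2021-08-08T00:00:00"):
    """Baseline on the first week of the sample, then check the second."""
    events = parse(SAMPLE_LOG)
    return find_anomalies(events, build_baseline(events, cutoff), cutoff)

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

A new host is not proof of compromise, since sites change providers, so alerts like these are a prompt to investigate the site and the affected devices rather than a verdict.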

Watering hole attack examples

Even though watering hole attacks aren’t the most common of cyberattacks, they’re no less destructive. To put this into perspective, here are a few real-world watering hole attack examples:     

  • In 2012, the U.S. Council of Foreign Relations was infected by malware via Microsoft’s Internet Explorer, impacting thousands of users nationwide.
  • In 2013, attackers accessed the U.S. Department of Labor to gather information on thousands of users who researched or visited nuclear-related content.
  • In 2017, the device-cleaning software CCleaner was hacked, resulting in a majority of users becoming vulnerable to cyberattacks.
  • In 2018, there was a country-wide watering hole attack in China via Microsoft that lasted from late 2017 to March 2018.
  • In 2019, hackers disguised malware as an Adobe Flash update that targeted Asian religious and charity organizations.
  • In 2021, the “Live Coronavirus Data Map” from the Johns Hopkins Center for Systems Science and Engineering was used to spread malware among users nationwide.

While watering hole attacks might be normal in the animal kingdom, they shouldn’t be in the digital world. Knowing how to spot a watering hole attack and attempts of malware infection means you’re less susceptible to being preyed upon.


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
