Watering Hole Attack – CompTIA Security+ SY0-401: 3.2

The most successful attacks happen when the target is least expecting them. In this video, you’ll learn how watering hole attacks can be a very effective way to gain access to an unsuspecting target.


If you’re really diligent with your network security then it’s going to be very, very difficult for the bad guys to find their way into your network. You may have a very secure firewall. You may follow all the best practices for security. You’re not even plugging in those random USB keys that you might find in the parking lot.

Well, this creates a problem for the bad guys because they want access to your data. You’re not responding to phishing emails. You’re not opening email attachments and running them on your Windows desktop. So you’re really preventing those easy ways for the bad guys to get into your network.

So instead of trying to get in, what the bad guys are going to do is wait for you to come to them. One of the things they’re going to try to find out is where you go when you leave the building or when you access other sites outside of your private internal networks. This is your watering hole. This is where people from the inside of your network go to have lunch, or a popular website that people like to visit.

This is going to, obviously, require a bit of research to try to determine what sites the people within your organization go to. If they can somehow make you come to the watering hole, they might be able to take advantage of you there. Here’s just one example of what a watering hole attack might look like.

Maybe in your organization there is a popular coffee shop or popular sandwich shop just around the corner, and a lot of people from your company will go to that sandwich shop and put in their orders. Perhaps just before lunch, you go into the web browser, go to the coffee shop or the sandwich shop URL, and then put in your entire order so that someone can then go by and pick up that food.

This is something that happens all the time when we’re working, and it’s something that may also be very easy for the bad guys to take advantage of. They’re now going to go not to your website, but to the sandwich shop website, and they’re going to try to find a way in there. So they’ll see if there are vulnerabilities that allow them access to the sandwich shop or the coffee shop website. And from there, they may be able to put content on the site that lets them capture information and then infect your machines on the other side.

Or maybe from there, they’re able to send you emails, and you’ll trust an email from the sandwich shop a lot more than you might trust an email from somewhere else. So you may end up clicking one of those attachments inadvertently and, of course, that would then infect your computer. Obviously, in those particular cases you may be infecting everybody who visits the sandwich shop or the coffee shop, but the bad guys don’t care. They’re really ultimately trying to get to you.

And even if they infect everyone else, as long as they can get that one person inside of your organization infected, that may be just what they need to then get on the inside, spread out, and gather whatever information they might need. So you have to be very careful not only with your internal network, but also when you’re going to the watering hole.