5 Ways to Defend Against Watering Hole Attacks [Updated]

Editor's note: This post was originally published in June 2020 and has been revised for clarity and comprehensiveness.

Back in 2018, the Department of Homeland Security admitted that foreign hackers broke into hundreds of supposedly secure computer networks belonging to U.S. electric utility companies. The hackers broke in using what’s known as a “watering hole attack.” The breach allowed them to gain deep access to control rooms giving them the power to potentially cause nationwide blackouts. 

Perhaps more alarming, however, is that the incident isn’t the first time a major organization fell victim to a similar attack: 

• In 2021, threat actors used the “Live Coronavirus Data Map” from the John Hopkins Center for Systems Science and Engineering to spread malware among users nationwide. 
• In 2016, the Canada-based International Civil Aviation Organization (ICAO) was breached with similar methods and spread malware that infected the United Nations (UN) network. 
• In 2014, a foreign attack group hacked Forbes.com and used similar strategies to target visitors working in the financial services and defense industries. 
• In 2013, hackers breached the United States Department of Labor website. The attackers used the website to redirect visitors to a malicious site hosting malware. 

So what is a watering hole attack, and what can you do to prevent a similar attack on your computer system? 

At ITS, we’ve helped hundreds of clients protect their networks against all kinds of cyber threats, including watering hole attacks. In this article, we’ll dive into what it is, how it works, and how you can defend against it. 

What is a Watering Hole Attack, and How Does It Work? 

A watering hole attack is a type of social engineering strategy wherein threat actors attempt to compromise end users by infecting unsecured websites and online resources that targeted users frequently visit. The end goal can vary from infecting devices with malware or gaining access to the target’s network. 

It works a lot like how alligators would lurk in watering holes waiting for their prey. Instead of them actively hunting for food, they determine where their victims are more likely to go and set up an ambush. It’s an effective strategy as victims are often caught with their guards down. 

Targets can range from individuals to organizations. The attacker profiles their victims thoroughly to figure out what websites and online resources they frequent. From there, they can choose the ones easiest to breach then simply wait for the targets to waltz in unaware. 

Watering hole attacks are uncommon. However, they are a considerable threat because they are difficult to detect. In addition, they allow attackers to breach highly secure organizations through their less security-conscious employees, business partners, or connected vendors. 

5 Ways to Defend Your Network From Watering Hole Attacks 

Unfortunately, there is no single way to defend against a watering hole attack. But don’t fret because that doesn’t mean there’s nothing you can do about it. Here are the five steps you can take to defend yourself from this kind of attack: 

1. Raise Awareness of Watering Hole Attacks and Similar Threats

In these types of attacks, hackers create spoofed websites loaded with malware. These websites mimic legitimate, whitelisted websites that employees are likely to visit. The spoofed websites trick victims into entering their usernames and passwords or downloading malware to compromise their devices.  

Watering hole attacks are often used against companies that have high security on their employee email accounts and Internet access. The attack strategy uses social engineering designed to evade detection tools and systems you might have in place. That’s why one of the best ways to defend against the threat is to prevent them entirely by raising awareness. You can do that by educating your team via a security awareness program. 

2. Keep Your Systems Up-to-Date

Watering hole attacks exploit vulnerabilities in your software to infiltrate your devices. Keeping software updated regularly with the latest security patches can significantly help reduce the risk of an attack. 

Always make sure to check whether the software you are using has the latest update by taking a look at the software developer’s website. Or better yet, get in touch with a reliable managed service provider (MSP), so they can ensure your systems are always up-to-date. 

3. Monitor Your Network and Web Traffic

Monitoring your network activity and all web traffic coming from outside can help prevent watering hole attacks. It can identify malicious activity and abnormalities that can indicate an attack. You can do that by getting antivirus software or other advanced systems like endpoint detection and response (EDR) tools. 

4. Use a Virtual Private Network (VPN)

A VPN can disguise online activity from external sources, making it harder for attackers to profile targets within your organization. In some cases, a VPN might be necessary to block your team from accessing unsecured websites like social media and messaging boards. 

5. Get a Security Audit from Experts

The best way to keep your computer network worry-free is to get it checked by trusted cybersecurity experts. They can point out vulnerabilities you might have missed and recommend ways to fix them. Having a periodic security assessment is a good investment that can help prevent attacks in the future. 

Ready to Defend Your Network from a Watering Hole Attack? 

Watering hole attacks aren’t common, but they are exceedingly difficult to detect. And worse, they can cause serious damage if they are not caught quickly. Make sure you take the necessary steps and work with your team to prevent falling victim. 

At ITS, we’ve helped hundreds of businesses assess their network security to improve their cybersecurity posture. If you want to learn more ways to secure your network, check out our video on the 15 Ways to Protect Your Business from a Cyber Attack.