If your network is secure, the bad guys might try to find an opening at the local watering hole. In this video, you’ll learn about watering hole attacks and how some real-world watering holes were poisoned by the bad guys.
Let’s say you’ve been working on security on your network. You’ve made it very secure. You’ve even set up your computers so that if somebody found a USB key that was lying in the parking lot, they would not be able to plug it into the computers and infect anything that’s on the inside of your network. You’ve set up a secure firewall. You have an intrusion prevention system. There’s no way that anybody from the outside can get into your network.
And the bad guys realize this as well. Nobody’s responding to their phishing emails. Nobody’s clicking on the links inside of email attachments. You have built the perfect security inside of your organization. So instead of trying to attack you directly, the bad guys are going to try to attack somebody that you visit. This is called a watering hole attack. The attackers do a little bit of research, find out where people within your company like to go on the internet, and then infect those locations.
One way to do this is to find out where people are going. The attackers can take an educated guess. They might find the local coffee shops or sandwich shops. Maybe that would be a place to start infecting to gain access to the people that are inside of your building. Maybe there are sites that are very focused on your industry. The attackers know somebody inside of your building is going to visit that site eventually. Now, instead of sending the phishing email to you, the bad guys are going to send the phishing email to that third-party site that you visit. They might infect it through email attachments or through a vulnerability in the site, but they will find some way to infect that website.
Of course, these infections at the coffee shop or the sandwich shop are affecting everybody who visits the website, but that’s OK. The bad guys are simply going to wait until you visit the watering hole, and at that point they’re going to infect those people that are visiting, and now they have access to the inside of your network.
A good example of an actual watering hole attack occurred in January 2017, and it occurred at the same time in different places around the world. The Polish Financial Supervision Authority was infected. The National Banking and Stock Commission of Mexico was infected, and a state-owned bank in Uruguay was infected. The attackers knew that people would be visiting those locations from other banks and other financial organizations. And once they had infected the watering hole, they were also able to infect people that were visiting the watering hole.