Watering Hole Attack | PDSC Advice Guides

A Watering Hole attack is a computer attack strategy in which an attacker guesses or observes which websites an organisation often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected.

Cyber criminals identify vulnerable websites and infect them with malware. Visitors to the compromised site will transport the virus/malware to their own servers or hard drive, potentially leading to theft of data, ransom demands and/or general disruption.

If the attacker has a particular organisation in mind (e.g. the NHS, British Airways), the criminal will look to infect websites that the organisation's staff use regularly, increasing the likelihood of success.

Whether it is your website that is vulnerable or your staff who are using other insecure websites, it is your business's reputation that may be damaged.

Who regularly visits your website?

Websites used in Watering Hole Attacks are specific procurement sites, specialist shopping sites, supply chain sites, etc. that do not follow standard cyber security practices and leave their websites vulnerable. Protect your website from being targeted with malware by:

What websites do you and your team regularly visit?

Visiting an infected site puts data at risk. The following recommendations will reduce the likelihood of a Watering Hole Attack and the subsequent impact an attack can have on your business:

  • Regularly update all software and Operating Systems to prevent exploitation of vulnerabilities
  • Install a Firewall to block unauthorised connections to the network
  • Limit access to online accounts and data to reduce the attack surface available to the cyber criminal
  • Use strong, unique passwords for each online account to make passwords difficult to crack. If a password is lost or breached, only one account will be compromised
  • Use 2 Factor Authentication (2FA) as an extra layer of security for your online accounts. This makes it more difficult for the attacker to use a stolen password
  • Regularly train staff on cyber security best practices and the latest threats, to reduce their chances of falling victim to cyber attacks
  • Create an Incident Response and Disaster Recovery Plan to reduce the time it takes you to respond to and recover from a cyber attack
  • Use a VPN to hide your browsing activity from the world wide web
  • Back up data to facilitate quick recovery from a cyber incident
  • Only do business with those who demonstrate a commitment to safeguarding their business from cyber threats and demonstrate your own efforts. This creates a circle of trust within your supply chain