Watering Hole Attack and How To Prevent Them

What is a “watering hole” attack and how do I prevent it from happening to my company?

A watering hole attack targets a specific company by infecting their website with malware which proceeds to then further infect everyone that visits your website.  The attackers essentially use your website as a distribution mechanism to inject malware into as many of your website viewer's computers as possible, with the goal of stealing information or extracting ransom payments.  Manufacturing companies are particularly vulnerable to watering hole attacks because they often rely on supply chain partners and subcontractors who may not have the same level of security measures in place.  These attacks can compromise your sensitive information and/or intellectual property, and can also disrupt your operations.

A related type of attack is called a cross-site scripting (XSS) attack, which exploit vulnerabilities in a website's code to inject malicious scripts into web pages viewed by other users. This can lead to the theft of sensitive information, such as login credentials, customer data, and financial information.

To prevent watering hole and XSS attacks, manufacturing companies should take the following steps:

1. Keep software up-to-date: Regularly update software, including operating systems, web browsers, and plugins, to reduce the risk of vulnerabilities being exploited.
2. Educate employees: Train your employees on security awareness, specifically how to identify phishing scams, suspicious websites, and email attachments.
3. Implement web filtering and monitoring: Use web filtering and monitoring solutions to detect and block malicious activity on websites and networks.
4. Conduct vulnerability assessments: Regularly scan websites and applications for vulnerabilities and address any issues that are identified.
5. Implement access controls: Limit access to sensitive information and systems to only those who need it (such as access to edit/manipulate your website), and use strong passwords and two-factor authentication to prevent unauthorized access.

There have been many real-world examples of attacks like these spreading quickly.  In 2013, a group of Chinese hackers targeted the website of a US-based industrial control system (ICS) manufacturer with a watering hole attack. The hackers injected malicious code into the website, which allowed them to gain access to the manufacturer's network and steal sensitive data.

Taking these steps to prevent this type of attack will help safeguard your company as well as your customers and supply chain partners.  No manufacturer wants to get a call from the FBI that their website has been compromised and has become part of a malware distribution network!