Setting up watering hole attacks

Within the field of IT security, learning about various types of attacks and threats is very important. Some of these attacks have some very unusual names, and, in this section, we will cover the fundamentals of a watering hole attack.

Let's imagine you're the IT security administrator or engineer for a company. You've implemented the best security appliances within the industry to proactively detect and prevent any sort of threats, whether internal or external. You've also implemented industry best practices, adhered to standards, and ensured that your users (employees of the organization) are frequently trained in user security practices. You have built a security fortress within the organization and ensured that the network perimeter is also on guard for new and emerging threats.

Attackers would notice that they are unable to penetrate your network, and even social engineering techniques such as phishing emails would not be successful against your organization. This makes compromising the organization (the target) a big challenge, as it's very well protected. One method of getting around this is to perform a watering hole attack.

Imagine that, during their lunch break, a few employees visit the nearby coffee shop for a warm or cold beverage. Hackers could be monitoring the movements of the employees of an organization—say they visit places that contain public Wi-Fi quite often during their breaks, or even after work. Let's say there's a group of employees who frequent the local coffee shop. The attacker can compromise the coffee shop's Wi-Fi network and plant a payload that downloads to any device connected to the network and runs in the background.

By compromising the coffee shop's Wi-Fi network, the attacker is poisoning the watering hole, which everyone, including the employees of the target organization, is using while they enjoy their beverages. Let's imagine Alice's smartphone is compromised at the coffee shop; she carries it back to the organization and connects to the internal (Wi-Fi) network. At this point, the attack is being generated from the inside and can compromise the remaining segments of the network, or even attempt to create a backdoor in the target organization.

There are many other methods for creating a watering hole attack; this was just one example. Another example would be compromising a legitimate website that a lot of users visit often and planting malware on the potential victims' systems. When the systems are infected with malware, the payload can target other websites or networks.

In the next section, we will discuss and demonstrate how credentials can be stolen from systems that use weak encryption systems.
