Waterhole attacks received their name from their ingenious methodology. In these attacks, hackers take advantage of the fact that their targeted victims often meet or work at a particular physical or virtual location. Then they "poison" that location to achieve malicious objectives.
For instance, most large companies have a local coffee shop, bar, or restaurant that is popular with company employees. Attackers will create fake WAPs in an attempt to get as many company credentials as possible. Or the attackers will maliciously modify a frequently visited website to do the same. Victims are often more relaxed and unsuspecting because the targeted location is a public or social portal.
Waterhole attacks became big news this year when several high-profile tech companies, including Apple, Facebook, and Microsoft, among others, were compromised because of popular application development websites their developers visited. The websites had been poisoned with malicious JavaScript redirects that installed malware (sometimes zero days) on the developers' computers. The compromised developer workstations were then used to access the internal networks of the victim companies.
Find out what's happening in Mission Viejofor free with the latest updates from Patch.
Lesson: Make sure your employees realize that popular "watering holes" are common hacker targets.
