What is a “watering hole” attack and how do I prevent it from happening to my company?
A watering hole attack targets a specific company by infecting its website with malware, which then goes on to infect everyone who visits that website. The attackers essentially use your website as a distribution mechanism to inject malware into as many of your website visitors' computers as possible, with the goal of stealing information or extracting ransom payments. Manufacturing companies are particularly vulnerable to watering hole attacks because they often rely on supply chain partners and subcontractors who may not have the same level of security measures in place. These attacks can compromise your sensitive information and/or intellectual property, and can also disrupt your operations.
A related type of attack is the cross-site scripting (XSS) attack, which exploits vulnerabilities in a website's code to inject malicious scripts into web pages viewed by other users. This can lead to the theft of sensitive information, such as login credentials, customer data, and financial information.
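Both attacks described above leave script in your pages that your own team did not put there. As an added example (not part of the original article), this Node.js check inventories the `<script>` tags in HTML your site serves and flags any that fall outside a reviewed baseline; the origins, the approved inline snippet and the sample page are constructed assumptions.

```javascript
// Added example (not from the original article): audit the <script> tags in
// HTML your own site serves. All names and sample values are constructed.
const SITE_ORIGIN = "https://www.example.com"; // assumption: your site
const ALLOWED_ORIGINS = new Set([SITE_ORIGIN, "https://cdn.example.com"]);
// Assumption: inline scripts you have reviewed, stored as exact trimmed text.
const APPROVED_INLINE = new Set(["window.siteConfig = { lang: 'en' };"]);

// Returns one finding per script that is outside the reviewed baseline.
function auditScripts(html) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const m of html.matchAll(tagRe)) {
    const src = srcRe.exec(m[1]);
    const body = m[2].trim();
    if (src) {
      const raw = src[1] ?? src[2] ?? src[3];
      let origin;
      try {
        // Resolves relative and protocol-relative URLs against the site.
        origin = new URL(raw, SITE_ORIGIN).origin;
      } catch {
        origin = "invalid";
      }
      if (!ALLOWED_ORIGINS.has(origin)) {
        findings.push({ type: "unexpected-origin", detail: raw });
      }
    } else if (body && !APPROVED_INLINE.has(body)) {
      findings.push({ type: "unapproved-inline", detail: body.slice(0, 60) });
    }
  }
  return findings;
}

// Constructed sample page: three expected scripts and two that are not.
const SAMPLE_PAGE = `<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.min.js"></script>
<script>window.siteConfig = { lang: 'en' };</script>
<script src="//static.unknown-host.example.net/t.js"></script>
<script>/* constructed: code nobody on the web team reviewed */ void 0;</script>
</head></html>`;

for (const f of auditScripts(SAMPLE_PAGE)) {
  console.log(`${f.type}: ${f.detail}`);
}
```

Run on a schedule against the pages visitors actually receive, a check like this turns an unexpected script into an alert for your web team.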
To prevent watering hole and XSS attacks, manufacturing companies should take the following steps:
There have been many real-world examples of attacks like these spreading quickly. In 2013, a group of Chinese hackers targeted the website of a US-based industrial control system (ICS) manufacturer with a watering hole attack. The hackers injected malicious code into the website, which allowed them to gain access to the manufacturer's network and steal sensitive data.
Taking these steps to prevent this type of attack will help safeguard your company as well as your customers and supply chain partners. No manufacturer wants to get a call from the FBI that their website has been compromised and has become part of a malware distribution network!
To view other PMMI CyberHealth content, visit pmmi.org/cyberhealth.