Websites of governments, regulatory bodies and financial authorities are preferred targets for "watering hole" attacks on finance, investment and compliance professionals. These online resources make it easy for attackers to target their victims. How do such attacks work?
So-called watering hole (a.k.a. "water holing") attacks are probably the most economical of online exploits. Instead of identifying and tracking down individual targets one-by-one, the threat actors first research and identify a vulnerable website frequently sought out by key professionals in the targeted industry or organization.
In the second step, they install an exploit kit that may allow the attackers to target that site’s users even more selectively, for instance based on their IP number. Like lions hidden in the savannah grass, they then lay and lurk.
Once their prey shows up at the "water hole", the victim’s locally installed browser takes care of the rest. Because the browser is designed to indiscriminately fetch and execute code from