watering hole attack

But also this system sets up a very - an extreme array of watering hole attacks.

So they say the "watering hole attacks compromising certain websites likely to be visited by the target organization."

High risk services include tracking services which can make internet users vulnerable to watering hole attacks.

Attacks are deployed through spear phishing emails and also increasingly through web injections in watering hole attacks.

A watering hole attack is Symantec's term, and I think it's going to catch on because it's a great term, where you know who you're trying to target.

Sean Sullivan, security advisor at F-Secure, said, "My bet is on a "watering hole attack" (or perhaps spear phishing) rather than an inside job."

The watering hole attack is, if you want to attack, like, say, the Department of Defense, you go find a vendor or a site that your typical DoD employee would visit, and you compromise that.

If a judge issues a warrant for a mass hack that infects thousands of computers in a watering hole attack, based on a false premise that the only computer that is searched is the server, then we have a huge problem.

That is, since this is a so-called spear phishing or watering hole attack, there's reason to believe that this isn't like Code Red or Nimda that just promiscuously scanned the Internet and infected everybody they could.

The group has spear phishing attacks with decoy documents (and watering hole attacks) to deploy backdoor Trojans, targeting Mac OSX and Android operating systems, and variants of a Windows backdoor named FakeM.

But there is a - this was found by seeing it in the wild in watering hole attacks where specific industries - in this case it seemed to be government, American government employees and contractors working in the nuclear research sector, and Europeans working in defense, security, and aerospace industries.

During our investigation, we found a small number of computers, including some in our Mac business unit - in other words, it was the same iOS watering hole attack that got the Facebook and Apple developers - "that were infected by malicious software using techniques similar to those documented by other organizations."

All of the attacks start by either being phishing or watering hole attacks, meaning that either email is sent to somebody they want to gain intelligence from, or websites which are not secure, which are often visited by people whom they wish to gain intelligence from, will be altered with well-known exploits.