A company has identified a watering hole attack. Which of the following Best describes this type of attack?
Emails are being spoofed to look like they are internal emails
A cloud storage site is attempting to harvest user IDS and passwords
An online news site is hosting ads in iframes from another site
A local restaurant chains online menu is hosting malicious code
3 Comments on “Which of the following Best describes this type of attack?”
could also be D
I believe the answer is D: A watering hole attack generally inserts some type of malicious code/exploit to compromise another site.
C: is only hosting ads in another site’s iframes which is more like spamming.
watering hole attack: An attacker profiles which websites a user accesses and later
infects those sites to redirect the user to other websites.
This targeted attack is when an attacker profiles the
websites that the intended victim accesses. The attacker then scans those websites
for possible vulnerabilities. If the attacker locates a website that can be
code injection that is designed to redirect the user when the user returns to
that site (also known as a pivot attack). The user is then redirected to a site
with some sort of exploit code…and the rest is, well, history. The purpose is to
infect computers in the organization’s network, thereby allowing the attacker
to gain a foothold in the network for espionage or other reasons. Watering
hole attacks are often designed to profile users of specific organizations, and
as such, an organization should develop policies to prevent these attacks. This
can be done by updating anti-malware applications regularly, and by other
Looks like D is the answer