1_1_6 Section 1 – Attacks, Threats, and Vulnerabilities - Social Engineering - Water Hole Attacks

Questions and Answers

What is a watering hole in the context of network security?

• A type of malware used by attackers
• A secured organization's internal network
• A central place where attackers hope users will visit and become infected (correct)
• A place where users can safely access the internet

How do attackers change their strategy when facing a highly secure organization?

• They focus on third parties to indirectly infect the organization's users (correct)
• They enhance their email phishing techniques
• They try to infect users via USB keys
• They directly attack the organization's network

What do attackers hope to achieve through a watering hole attack?

• Direct access to an organization's internal network
• Disabling the organization's security measures
• Infecting users to gain entry into a secure network (correct)
• Stealing sensitive information from the organization

How do attackers identify potential watering holes for their attacks?

By guessing the websites visited by users (B)

Why do attackers sometimes target local establishments like sandwich shops in their strategies?

As an indirect way to infect users who might visit there (B)

Why do attackers focus on finding vulnerabilities on third-party sites in a watering hole attack?

To bypass the security measures of the target organization (B)

What is a common goal of a watering hole attack?

To infect a specific group of visitors to a site (B)

How did the attackers execute the watering hole attack on the Polish Financial Supervision Authority?

By infecting third-party sites related to financial organizations (A)

What type of visitors were specifically targeted during the watering hole attack mentioned?

Visitors from specific IP addresses matching banks and financial institutions (B)

How did Symantec's antivirus software help users during the watering hole attack on the Polish Financial Supervision Authority?

It alerted users on a generic JavaScript attack signature (D)

How can organizations prevent watering hole attacks according to the text?

By using a layered defense approach (B)

What was one of the key payloads sent in the watering hole attacks discussed in the text?

Malicious JavaScript files (C)

What is the attackers' new strategy in response to organizations with high security measures?

Targeting a third party to infect users who visit it (C)

How do attackers typically identify a potential watering hole for their attack?

Conducting research to find out where the organization's users visit (C)

What is the purpose of infecting a third-party site in a watering hole attack?

To gain access to users who visit that site and infect them (A)

What role does the watering hole play in a cyber attack?

Serving as an infection point for users of the target organization (B)

How do attackers gain access to an organization's network through a watering hole attack?

By infecting users who visit a compromised third-party site (C)

Why do attackers target a variety of websites, such as local establishments and industrial sites, in watering hole attacks?

To increase the chances of infecting users from the target organization (A)

What was the primary target of the watering hole attack discussed in the text?

State-owned banks (B)

How did the attackers ensure that only specific visitors were infected during the watering hole attack?

By targeting visitors from specific IP addresses (A)

What type of security defense is recommended to prevent watering hole attacks according to the text?

Using a layered defense approach (C)

In the case of the Polish Financial Supervision Authority attack, what action by users helped prevent infection?

Having Symantec's antivirus software active (B)

What was a common payload used in the watering hole attacks conducted as per the text?

Malicious JavaScript files targeting specific IP addresses (B)

What key feature of a next-generation firewall or intrusion prevention system helps in stopping watering hole attacks?

Identifying and blocking malicious software proactively (A)