Initiating an attack against targeted businesses and organisations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?
A. Watering Hole Attack
B. Heartbleed Attack
C. Shellshock Attack
D. Spear Phishing Attack
Scroll down for answer
Watering Hole is a computer attack strategy, in which the victim is a particular group (organisation, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.
Also see: (ISC)2 CISSP (2018) Question of the Day
Also see: (ISC)2 SSCP Questions and Answers