What is a watering hole attack?

A watering hole attack compromises a legitimate website frequently visited by the target group, then uses it to deliver malware to visitors. The attacker identifies websites that employees of the target organization regularly use, such as industry forums, news sites, or vendor portals, and injects malicious code into those sites. When employees visit the compromised site, malware is downloaded automatically through drive-by download or they are redirected to a malicious site. This is effective against organizations with strong email security because it bypasses email filters entirely.