Watering Hole Attack
The targeting of a website used by a specific group of users. For example, if an attacker wanted to attack an airline, they might insert malware into an aviation website, such as Pprune.org, which is a website frequented by airline staff. If, for example, the target inadvertently downloads credential harvesting software from this site, it could easily lead to an airline’s network being compromised. In 2017, the Polish Financial Supervision Authority’s website was infected with code which would trigger the download of malware onto the users’ computers. This malware was squarely targeted at those working in the Polish financial sector.