Paper Title
Water Hole Attack: Methodologies, Mechanism and Human Vulnerabilities
Abstract
Abstract - Watering hole attacks are a serious threat to cyberspace and cyber systems, they are intended to target the most visited website or the user that is a frequent visitor and can provide vulnerable information, or can become a stepping stone for an actual intended victim. A watering hole attack intends to trap the victim into strategically compromising and revealing sensitive information, and this gathered data may be further used to carry out a cyber kill chain attack. Watering hole attacks are a serious threat to any organisation as they are difficult to detect and we do not know exactly what factors make them so undetectable. In this paper, a conceptual model has been proposed that provides a structural perspective of the attack. Three main instances have been discussed in this work: Effect Mechanisms, Human Vulnerabilities, and Mitigation Techniques based on vulnerabilities have been discussed. The Conceptual model and three entities are used to develop a better understanding of the attack mechanism, mitigate its effects and raise awareness regarding this strategic compromised attack that remains highly undetected.
Keywords - Watering hole, Advanced Persistent Threats, Social Engineering Attacks.