Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine.
Which of the following techniques is used by Joel in the above scenario?
Joel uses a technique known as a watering hole attack. In this method, the attacker identifies websites that are frequently visited by the target group, searches for vulnerabilities in those websites, and injects malicious scripts to compromise the users. When the victim visits the infected website, the malware is downloaded onto their machine, leading to a security breach.
A. Watering hole attack P1952 / Module 14 CEH book V12 +Watering Hole Attack It is a type of unvalidated redirect attack whereby the attacker first identifies the most visited website of the target, determines the vulnerabilities in the website, injects malicious code into the vulnerable web application, and then waits for the victim to browse the website. Once the victim tries to access the website, the malicious code executes, infecting the victim.
Watering hole attack. You can lead a horse but you can’t make him drink
A. Watering hole attack Explanation: In the given scenario, Joel is using a technique called the watering hole attack. This technique involves the attacker targeting a specific group of individuals or organization by infecting a website that the targeted group regularly visits, also known as the "watering hole". The attacker then injects a malicious code into the website, which can be used to download malware onto the victim's machine. When the victim visits the infected website, the malware is automatically downloaded onto their system. This attack is often used when traditional phishing techniques fail to work or are too risky to execute.
Clickjacking
Watering hole attack