A popular forum, where ICS techniques are discussed, loads scripts and ads from multiple external sites. Which attack can an adversary use to leverage this situation to attack this particular industry?
A popular forum, where ICS techniques are discussed, loads scripts and ads from multiple external sites. Which attack can an adversary use to leverage this situation to attack this particular industry?
The correct answer is watering-hole. A watering-hole attack involves compromising a website that is frequently visited by the target group. In this case, a popular forum discussing ICS techniques loading scripts and ads from multiple external sites presents multiple points of vulnerability. An adversary can exploit these vulnerabilities to inject malicious content, targeting specific users from the industry who visit these forums.
Correct answer: C "If an attacker intends to disrupt industrial control systems, they might begin a watering hole attack by targeting the Control Automation website, a discussion forum for ICS engineers (https://control.com/). A quick look at the control.com site reveals that the site loads JavaScript, CSS, fonts, images, and ads from 13 different websites. Each of these websites is an attack opportunity for an adversary where, if compromised, the attacker can manipulate content sent to ICS administrators when they visit the control.com website."
Answer is C