312-50V11 · Question #962
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites a
The correct answer is D. Watering hole attack. A watering hole attack involves identifying websites frequently visited by a target group, compromising those sites with malicious code, and waiting passively for victims to visit and become infected.
Question
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?
Options
- ADNS rebinding attack
- BClickjacking attack
- CMarioNet attack
- DWatering hole attack
How the community answered
(14 responses)- B7% (1)
- C7% (1)
- D86% (12)
Why each option
A watering hole attack involves identifying websites frequently visited by a target group, compromising those sites with malicious code, and waiting passively for victims to visit and become infected.
A DNS rebinding attack manipulates DNS TTL values to bypass the browser's same-origin policy, allowing an attacker to interact with a victim's internal network - it does not involve injecting scripts into third-party websites.
A clickjacking attack uses hidden or transparent UI layers to trick users into clicking on unintended elements on a legitimate page, and does not involve compromising external sites to deliver malware via redirects.
A MarioNet attack exploits the browser's Service Worker API to maintain persistent malicious control even after the user leaves the page, and is unrelated to profiling target websites or injecting redirect scripts.
A watering hole attack follows the exact pattern described: the attacker researches the target group's browsing habits, identifies and exploits vulnerabilities in those frequented sites, injects malicious scripts to redirect or deliver malware, and then waits for victims to visit the compromised site. This passive, target-profiling approach is the defining characteristic of a watering hole attack.
Concept tested: Watering hole attack methodology and target profiling
Source: https://attack.mitre.org/techniques/T1189/
Topics
Community Discussion
No community discussion yet for this question.