Watering-hole analogy

An attacker can use a compromised server in order to steal information of all users of the
same server also known as a Watering Hole attack. The attackers study the behavior of people who
work for a target organization, to learn about their browsing habits. Then they compromise a web site
that is frequently used by employees—preferably one hosted by a trusted organization which
represents a valuable source of information. Ideally, they will use a zero-day exploit. So when an
employee visits a web page on the site, they are infected, typically a backdoor Trojan is installed
allowing the attackers to access the company’s internal network. In effect, instead of chasing the victim, the cybercriminal sits in a location that the victim is highly likely to
visit—hence the watering-hole analogy (Kaspersky, 2013; Symantec, 2013).
The other important aspect, from the criminal point of view, is the change of the criminal business
model. Older versions of malware were offered for sale at very high prices. Actually early versions are distributed free of charge and often these former versions have been “backdoored” by criminals,
meaning that the novice thief (so called lamer) also becomes the victim.
In the recent past, instead, the glut of freely available criminal tools has lowered the cost barrier of
entry into cybercrime and encouraged more wannabe cybergangsters (lamer) into online crime.
As mentioned today’s malware scene is highly organized, structured, and professional in its
approach.
Cyber Crime and Cyber Terrorism - Babak Akhgar