Watering Hole Attack


In a watering hole attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly.

 Source: NIST CNSSI 4009-2015

A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.

 Source: NIST NIST SP 800-150 under Watering Hole Attack

Watering Hole


Watering hole attacks involve attackers compromising one or more legitimate Web sites with malware in an attempt to target and infect visitors to those sites.

 Source: NIST NIST SP 1800-21B from ICS-CERT Monitor

Best Practice


Proven activities or processes that have been successfully used by multiple organizations.

 Source: ITIL



Access privileges granted to a user, program, or process or the act of granting those privileges.

 Source: CNSSI-4009