Watering Hole Attack

Definition(s):

In a watering hole attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly.

Source: NIST CNSSI 4009-2015

A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.

Source: NIST NIST SP 800-150 under Watering Hole Attack

Watering Hole

Definition(s):

Watering hole attacks involve attackers compromising one or more legitimate Web sites with malware in an attempt to target and infect visitors to those sites.

Source: NIST NIST SP 1800-21B from ICS-CERT Monitor

Best Practice

Definition(s):

Proven activities or processes that have been successfully used by multiple organizations.

Source: ITIL

Authorization

Definition(s):

Access privileges granted to a user, program, or process or the act of granting those privileges.

Source: CNSSI-4009