PT0-002 topic 1 question 285

C. A watering-hole attack

In the context of cybersecurity, different types of attacks have various methods and effects. To determine which attack would best support compromising company systems after a red team has discovered that an external web server is frequented by employees and has been compromised, let's analyze each option:

A. A side-channel attack - This type of attack involves exploiting information from the physical implementation of a system rather than directly attacking the system's software. Side-channel attacks can include timing attacks, power consumption analysis, electromagnetic analysis, and more. While these can be effective, they are not the most straightforward approach to compromise a company's systems through a compromised external web server.

B. A command injection attack - This attack occurs when an attacker sends malicious commands to the shell of a system through an application. If an employee unknowingly enters a command on a compromised external web server that is linked to the company's systems, this could lead to unauthorized execution of commands on the company's systems. This could be a very effective way to compromise those systems, as it directly exploits the employees' interactions with the server.

C. A watering-hole attack - In a watering-hole attack, the attacker identifies a website that is frequently visited by the target group (in this case, the company's employees) and then compromises that site to deliver malware or other harmful payloads to the visitors. Since the employees are already frequenting the external web server, this attack method could be highly effective in compromising the company systems, as it relies on the employees' regular visits to the compromised site.

D. A cross-site scripting attack (XSS) - XSS attacks involve injecting malicious scripts into web pages viewed by other users. While this can lead to the theft of information or other harmful actions, it typically requires the target to visit a maliciously crafted web page. Since the employees are already visiting the compromised server, XSS could be a viable attack vector, but it might not be as direct or effective as command injection or watering-hole attacks in this scenario.

Considering the scenario where an external web server frequented by employees has been compromised, the best option to support compromising company systems would likely be a combination of B (Command Injection) and C (Watering-Hole). Both of these attacks leverage the employees' regular interactions with the compromised server and can lead to significant security breaches within the company's systems.
Command injection directly exploits employee actions to execute harmful commands on the company's systems, while watering-hole attacks can effectively spread malware or other payloads to a broad group of employees who visit the compromised site.
It is important for companies to educate their employees about cybersecurity risks and to implement robust security measures to protect both their systems and their employees from such threats.