Certified Ethical Hacker (CEH v12) — Question 32

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine.
Which of the following techniques is used by Joel in the above scenario?

Answer options

• A. Watering hole attack
• B. DNS rebinding attack
• C. MarioNet attack
• D. Clickjacking attack

Correct answer: A

Explanation

Joel is using a Watering hole attack, where he targets specific users by compromising websites they frequently visit. The other options are incorrect because a DNS rebinding attack involves manipulating DNS responses, a MarioNet attack is not a recognized term in cybersecurity, and Clickjacking involves tricking users into clicking on something different than what they perceive, which is not the method described here.