In a watering hole attack, the attacker compromises a website frequently visited by the target group. Instead of attacking the target directly, the trusted website is injected with malicious code that executes automatically when visited. The name derives from the predator strategy of ambushing prey at a water source. In an ISMS, watering hole attacks belong to the advanced threats that should be considered in risk analysis. Countermeasures include browser isolation, regular patching, and network segmentation.