A criminal will identify a website that is frequented by users inside a target organisation, compromise that website, and use it to distribute malicious software to the users.
Watering hole attacks are an example of a supply chain attack, whereby criminals target websites thought to be regularly used by organisations of interest to them. These types of attacks are becoming increasingly successful with the increased use of third-party web-based services.
A victim may be unaware that malware has been downloaded during their session; this is known as a 'drive by' attack. Alternatively, as they are usually on a trusted site, they may consciously download a file without knowing what it really contains.
Typically, the malware used will be a Remote Access Trojan, which will enable the attacker to gain remote access to a target system and then perform a number of functions, e.g. reconnaissance, exfiltrating data or distributing other malware.
Watering Hole attacks are a type of Supply Chain attack, so it's important that both your new and existing suppliers are evaluated for their cyber risk. Consider contractual clauses focused on security, and challenge your suppliers to practice and develop processes for reacting to compromise or data breaches. Note: Cyber Essentials accreditation is a good indicator for a supplier's reputation.
Protect your devices and network by ensuring that everything is frequently being patched and updated. Watering Hole attacks exploit bugs and vulnerabilities, so it is crucial that you are using the latest versions of any software you have, and applying security patches promptly.
Network Security - ensure that your firewalls and any other security products have been correctly configured to monitor and filter web traffic effectively. Monitoring your network for abnormalities is especially key to detecting malicious behaviour. If you are not responsible for this, ask your IT manager/provider to confirm this is being done.
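As an illustration of the web traffic monitoring described above, the following added example (not part of the original guidance) scans web proxy log lines for executable downloads served by hosts that are not on an approved download list, and notes whether the request came from a site staff visit regularly. The log format, host names and list names are assumptions made for the example, and the log lines are constructed.

```python
from urllib.parse import urlsplit

# Assumed inputs (hypothetical names): sites staff visit routinely, and the
# only hosts approved to serve software downloads.
FREQUENTED_SITES = {"portal.supplier.example", "news.trade.example"}
APPROVED_DOWNLOAD_HOSTS = {"updates.vendor.example"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec",
                    "application/vnd.microsoft.portable-executable"}
EXECUTABLE_EXTS = (".exe", ".dll", ".msi", ".scr", ".hta")

# Constructed sample log, one request per line:
# time client url referer content_type
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.5 https://portal.supplier.example/login - text/html
2024-05-01T09:00:03Z 10.0.0.5 https://cdn.unknown.example/a/upd.bin https://portal.supplier.example/login application/x-msdownload
2024-05-01T09:05:10Z 10.0.0.8 https://updates.vendor.example/agent.msi https://vendor.example/ application/octet-stream
2024-05-01T09:07:44Z 10.0.0.9 https://portal.supplier.example/docs/invoice.exe https://portal.supplier.example/docs application/octet-stream
2024-05-01T09:09:00Z 10.0.0.9 https://news.trade.example/story.html - text/html
"""

def host_of(url):
    """Lower-cased host name of a URL, or '' when there is none (e.g. '-')."""
    return (urlsplit(url).hostname or "").lower()

def is_executable(url, content_type):
    """True when the response looks like a program, by MIME type or extension."""
    path = urlsplit(url).path.lower()
    return content_type.lower() in EXECUTABLE_TYPES or path.endswith(EXECUTABLE_EXTS)

def find_suspect_downloads(log_text):
    """Return one alert per executable download from a non-approved host."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guessing at fields
        ts, client, url, referer, ctype = fields
        if not is_executable(url, ctype):
            continue
        if host_of(url) in APPROVED_DOWNLOAD_HOSTS:
            continue  # expected software delivery, e.g. vendor updates
        alerts.append({"time": ts, "client": client, "url": url,
                       # True when the user arrived from a routinely used site
                       "via_frequented_site": host_of(referer) in FREQUENTED_SITES})
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_downloads(SAMPLE_LOG):
        print(alert)
```

Alerts where the request came from a routinely used site are the ones to review first, since they match the pattern of a trusted site being used to deliver a file.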