What distinguishes a 'watering hole' attack from other common malware distribution methods?

A 'watering hole' attack is distinguished from other common malware distribution methods by its targeting strategy: instead of directly targeting individual victims, it infects a website that a specific group of people is known to visit regularly. Common malware distribution methods often involve mass emails with malicious attachments or links (phishing), drive-by downloads from compromised websites, or exploiting vulnerabilities in software used by a broad audience. A watering hole attack, however, focuses on identifying the websites frequented by a particular group, such as employees of a specific company or members of a certain organization. The attackers then compromise one of these websites, injecting malicious code that infects the computers of visitors. For instance, if a group of human rights activists regularly visits a particular news website, attackers might compromise that website to infect the activists' computers with spyware. The attackers are 'lying in wait' at the watering hole (the website) for their intended victims to arrive.