Watering hole attacks are attacks to a website made by placing malicious code within a page that will launch an attack on visitors.
Because companies are taking every precaution necessary against malware, it is getting more difficult for hackers to get in.
So instead of forcing their way into secure company employee accounts, they use bait so to speak and prey on employees, encouraging them to go out and bring the hacker into the website themselves.

According to a recent article in the New York Times,
when hackers were unable to breach the computer network at a big oil company, they infected the most popular online menu of a Chinese restaurant with malware. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the vast computer network of their business.