Threat Management

Lumen’s Black Lotus Labs flags ‘watering hole’ cyber threat

Lumen Technologies' Black Lotus Labs identified a cyberthreat type called "watering hole attacks" that installs a malicious JavaScript function into a target website's code, FierceTelecom reports. The recently discovered threat have been used for several years, including in an April 2020 incident involving the San Francisco International Airport. The threat, which was identified on one website in Canada and on several websites in Ukraine, infects anyone who visited the sites, leaving them vulnerable to a theft of their Windows authentication credentials that could be used to impersonate the victims. According to researchers, the attack enables threat actors to obtain the New Technology LAN Manager hashes from the victims' devices which they will then use to get usernames and passwords. "To protect against this type of attack, organizations should configure their firewalls to prevent outbound SMB-based communications from leaving the network or consider turning off or limiting SMB in the corporate environment," said Black Lotus Labs' Mike Benjamin.
Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.