Lumen’s Black Lotus Labs flags ‘watering hole’ cyber threat | SC Media
Strategy, Threat intelligence

Lumen’s Black Lotus Labs flags ‘watering hole’ cyber threat

April 5, 2021
Lumen Technologies' Black Lotus Labs identified a cyberthreat type called "watering hole attacks" that installs a malicious JavaScript function into a target website's code, FierceTelecom reports. The recently discovered threat have been used for several years, including in an April 2020 incident involving the San Francisco International Airport. The threat, which was identified on one website in Canada and on several websites in Ukraine, infects anyone who visited the sites, leaving them vulnerable to a theft of their Windows authentication credentials that could be used to impersonate the victims. According to researchers, the attack enables threat actors to obtain the New Technology LAN Manager hashes from the victims' devices which they will then use to get usernames and passwords. "To protect against this type of attack, organizations should configure their firewalls to prevent outbound SMB-based communications from leaving the network or consider turning off or limiting SMB in the corporate environment," said Black Lotus Labs' Mike Benjamin.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

prestitial ad