Lumen’s Black Lotus Labs flags ‘watering hole’ cyber threat

Lumen Technologies' Black Lotus Labs identified a cyberthreat type called "watering hole attacks" that installs a malicious JavaScript function into a target website's code, FierceTelecom reports. The recently discovered threat have been used for several years, including in an April 2020 incident involving the San Francisco International Airport. The threat, which was identified on one website in Canada and on several websites in Ukraine, infects anyone who visited the sites, leaving them vulnerable to a theft of their Windows authentication credentials that could be used to impersonate the victims. According to researchers, the attack enables threat actors to obtain the New Technology LAN Manager hashes from the victims' devices which they will then use to get usernames and passwords. "To protect against this type of attack, organizations should configure their firewalls to prevent outbound SMB-based communications from leaving the network or consider turning off or limiting SMB in the corporate environment," said Black Lotus Labs' Mike Benjamin.