Cybersecurity lab identifies a surge in watering hole attack

Black Lotus Labs, a subsidiary of Lumen Technologies, has warned all website owners about an increase in ‘watering hole’ cyber threats. The researchers from the organization say that a hacking group operating from Asia was busy launching malware campaigns targeting websites operated by large and small businesses.

Technically, a watering hole attack is nothing but a kind of malware attack where hackers inject malicious functions into website codes, that target victims visiting the website for execution.

Although such types of cyber attacks have been existing in the cyber landscape from the past decade or so, Black Lotus Labs reports that there has been an increase in such attacks from 2020 on par with the ransomware attacks.

In April 2020, San Francisco International Airport became a victim of such attack after which the list of victims increased taking the number to 79 till date; most of them were from Ukraine and Canada where malicious JavaScript prompted victim devices to send their New Technology LAN Manager (NTLM) hashes to a remote server controlled by hacker using a Server Message Block (SMB).

Lumen Technologies that serves customers in over 60 countries is urging all organizations to configure their firewalls in such a way that they block all outbound SMB communications that leave the corporate network.

Note- SMB is a kind of communication protocol that allows shared access to computing resources such as files, printers and ports related to ports. It was also known as Common Internet File System until 2004. To those uninitiated, SMB acted as a primary attack vector for launching cyber attacks on Sony Pictures in 2014 and WannaCry Ransomware Attack in 2017.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display