OceanLotus: New Watering Hole Attack in Southeast Asia
(Nov 20, 2018)
Recommendation: This story illustrates the kind of threats and attacks that can arise from current geopolitical developments, so awareness of tensions between countries and governments can offer some insight into where attacks may originate. Webmasters sometimes discover that one of their sites was compromised only months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. It is crucial that server software is kept at the most current versions and that all external-facing assets are carefully monitored and scanned for unusual activity and vulnerabilities. The ability to restore easily from backup, an incident response plan, and customer communication channels should all be established before a breach occurs.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.