Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / 'Darkhotel' Tricks Hotel Wi-Fi Users
'Darkhotel' Tricks Business Travelers with Hotel Wi-Fi
'Darkhotel' Tricks Business Travelers with Hotel Wi-Fi
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
It can be kind of creepy walking into a dark hotel room when you don’t know where the lights are. But a new espionage campaign that’s been lurking in the shadows for at least four years is even creepier.

Dubbed “Darkhotel,” the campaign has been stealing sensitive data from corporate executives, typically from the U.S. and Asia who travel abroad. The Kaspersky Lab Global Research and Analysis Team just issued a report on the cyber-espionage operation, which reportedly never goes after the same target twice and deletes all traces of its work.

“For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior,” said Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab. “This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”

How Darkhotel Works

Here’s how Darkhotel works: The bad actor maintains an intrusion model set on hotel networks to gain access to systems that travelers think are secure and private. After the target connects to the hotel Wi-Fi network with his last name and room number, attackers trick the target into downloading and installing a backdoor by disguising malware as legitimate software, like Windows Messenger or Adobe Flash. When the target downloads the hotel “welcome package” it infects the machine with the spy software.

After the software is installed, attackers use the backdoor to download more malware, including a digitally-signed advanced keylogger, the Trojan Karba, and an information-stealing module. That makes it possible to collect data about the system, any anti-malware software installed, log all the victim’s keystrokes and even hunt for cached passwords and social media log-in credentials. After they get what they need, the attackers silently delete their malware and move on.

“The mix of both targeted and indiscriminate attacks is becoming more and more common in the APT scene, where targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools,” said Baumgartner.

The Real Danger

Ken Westin, a security analyst from advanced cyber threat protection firm Tripwire, told us he tries to avoid using hotel Wi-Fi because hotels are target-rich environments for attackers to set up fake wireless networks.

“I have found that, in general, a lot of hotels fail to implement best practices when securing their Wi-Fi networks. I prefer to travel with a hotspot for Internet access and even then use a secure VPN,” he said. “Executives need to be particularly wary, especially when traveling overseas or attending conferences which announce their presence. Attackers targeting a specific person or industry may be present seeking ways to steal intellectual property, or other information that can benefit another company in business deals and provide an unfair advantage.”

Three Ways To Protect Yourself

Kaspersky agreed that any network you come upon while traveling, even semi-private ones in hotels, should be viewed as potentially dangerous. The good news is you can prevent these types of attacks, the firm offered, in three ways:

1. Choose a virtual private network (VPN) provider that will offer you an encrypted communication channel when accessing public or semi-public Wi-Fi.

2. When you are traveling, always consider software updates with suspicion. Also, confirm that the proposed update installer is signed by its vendor. If in doubt, wait until you can make that confirmation.

3. And, finally, make sure your Internet security solution includes proactive defense against new threats rather than just basic antivirus protection.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.