As the focus on cyber attacks continues to increase companies are being warned to make their high-profile executives, directors and officers aware of a new threat dubbed DarkHotel. This scam targets specific individuals whilst they are accessing the internet via Wi-Fi or an ethernet cable while staying in upmarket hotels abroad.
How does it work?
When the individual connects to the internet they receive a fake update request to a popular software package such as Adobe Flash, Google Toolbar or Windows Messenger. The installation files do include legitimate software but they also contain the DarkHotel code. Once the individual approves the update request the DarkHotel code goes to work, employing a number of different malware, including the following:
- Keyloggers monitor users’ activity by recording and transmitting their keyboard and mouse presses.
- Information stealers copy data such as passwords stored by internet browsers and other credentials.
- A Trojan scans a system’s contents such as data about its anti-virus software. The malware then uploads that information to the hackers’ computer server.
- Droppers install more viruses on computer systems.
- Selective infectors spread malware to other computer equipment via a USB connection or removable storage.
- Small downloaders contact the hackers’ servers after 180 days, in a presumed attempt to allow hackers to regain control of machines that detected and/or removed their malware.
DarkHotel has targeted hotel guests around the world with incidents happening in Japan, Taiwan, mainland China, Hong Kong, Russia, South Korea, India, Indonesia, Germany, the United States and Ireland—but the majority of attacks have taken place in luxury Asian hotels. The common factor across all these attacks is the hackers always target company leaders such as CEOs, senior vice presidents, sales and marketing directors, and other top employees. Researchers know DarkHotel is personally targeting each victim, but it is not yet clear how the hackers are tracking their victims before they arrive at a hotel.
So what can you do?
- Make sure your executives, directors and officers are aware of the threat
- Encourage them not to use hotel wired and wireless internet services—instead rely on a company-provided mobile hotspot device.
- Where this isn’t possible and you must use a hotel’s internet connection, refrain from performing any system administrative tasks or updates.
If you are concerned about cyber protection for your business or could benefit from some independent advice why not get in touch.
.For more tips when travelling please read our blog here.
Source Zywave: Cyber Risks and Liabilities Newsletter December/January 2015
JIB238.11.15
Print 
PDF
