Feeling safe in your executive hotel suite, Mr CEO? Well, DON'T

Corporate bosses are coming under attack from a shadowy new group that spreads malware by hijacking the networks of luxury hotels. Kaspersky Labs' Global Research & Analysis Team has issued a warning about an advanced persistent threat designed by a crew called Darkhotel, who target top execs as they relax in plush hotel rooms …

  1. Joe Drunk
    Facepalm

    Consider the target

    High level execs are the most technologically handicapped people on this planet and therefore ripe targets for this kind of threat in spite of the rigorous security tools and policies on their laptops.

    When I was a PC tech we repeatedly cleaned malware/bloatware from many senior officers' company-provided laptops because most didn't want to be bothered and just gave them to their kids to play with.

    1. Anonymous Coward

      Re: Consider the target

      You might be right but if they're exploiting zero day vulnerabilities then you can't really blame them this time.

      1. John Riddoch

        Re: Consider the target

        Article mentions fake downloads for software (e.g. Acrobat/Flash) which loads on Malware. At that point, you're pretty much giving away control of your laptop to the writers of that "update" so no zero days required.

        It's still a slick way of breaking into your target's computer, though.

    2. InfiniteApathy
      Big Brother

      Re: Consider the target

      Lumping them all together like that is a tad unfair.

      Really do consider the target though, this sounds quite likely to be state sponsored.

    3. Anonymous Coward

      Re: Consider the target

      High level execs are the most technologically handicapped people on this planet and therefore ripe targets for this kind of threat in spite of the rigorous security tools and policies on their laptops.

      When I was a PC tech we repeatedly cleaned malware/bloatware from many senior officers' company-provided laptops because most didn't want to be bothered and just gave them to their kids to play with.

      Hmm, not all of them are like that, and you can use shock tactics. The trick is to make them realise that it's exactly the recognition of their exalted position that makes extra measures essential. If it's in the way it annoys them, but if it can serve to indicate just how important they are you're winning.

      It personally pains me slightly to play that game but my job is to keep them secure, and deception is an essential tool for anyone in security :)

      1. perlcat

        Re: Consider the target

        For most of the executroids I know of, the definition of a "zero day exploit" is any and all zero day exploits ranging back to Jan 1, 1970. Power hath its privileges, but is certainly unaffected by the learning curve.

  2. Alistair
    Windows

    Consider the target. Consider the carpet.

    This sounds a tad phishy to me, but I suppose that there's a market for that sort of data. The thing is if it is that exclusive and elite, one has to wonder if it is not those very self same execs that are funding the group to steal data from their competitors.

    Or even better:

    March 2015:

    Asian market crash blamed on executives being spear phished over the last 5 years, leaking critical financial data.....

    Preparatory CYA in action?

    < Damn, I'm cynical this morning >

  3. Pen-y-gors

    Given the geographical area affected,

    and the level of expertise, could we perhaps be looking at our old friends the Chinese Government indulging in a spot of quiet industrial espionage?

    It's just a hi-tech version of the old KGB-microphones-in-Moscow-Hotels ply.

    1. Anonymous Coward

      Re: Given the geographical area affected,

      The Wired article points its fingers at the government of South Korea.

    2. Anonymous Coward

      Re: Given the geographical area affected,

      It's just a hi-tech version of the old KGB-microphones-in-Moscow-Hotels ply.

      I guess it's "ploy", or you'll have to explain to me how they spied with toilet paper :)

      Anyway, a couple of years back it was also deemed good practice to keep the PC's IR port disabled. Same reason. Anyway, we haul ALL traffic back to base via VPN; their exit point is our firewall. That way we don't have to worry about which network they use. Thankfully we once had a near miss, so traveling execs have by default no admin rights. Ever.

  4. ecofeco Silver badge

    Makes sense to me

    Makes sense to me in more ways than one.

  5. strings
    Black Helicopters

    Information

    Information gleaning for future sale of said information.

    The compromised motel networks are often used for relays and the like, and common for years.

    Most decent corp systems don't allow wireless access to any old network; they have chosen access points in each major city, and if outside it's done via UMTS.

    The user has no choice in this.

  6. Anonymous Coward

    I always thought it simplest to set up a free open network in the name of a nearby landmark, i.e. Tesco Wifi, Starbucks WiFi, Marriot Hotel Wifi, then redirect any URLs like www.gmail.com or www.outlook.com to a fake login screen, capture the entered login name and password, and then quietly pass them to the correct website for them to enter the details again.

  7. Looper
    Stop

    Yeah, right.

    "Once a hotel's network is compromised, Darkhotel can effectively remove any evidence of its presence, neatly removing every trace and successfully dodging detection."

    Oh, isn't that convenient. So then there is no proof of its actual existence?

    "So far, the malware has been used to target a number of different industries including electronics firms, hedge funds, big pharma companies and defence organisations."

    Again, proof? Links? Etc?

    "Considering their well-resourced, advanced exploit development efforts and large, dynamic infrastructure, we expect more Darkhotel activity in the coming years," Kaspersky warned. ®

    Whose interest is it in to believe this unverified story? Kaspersky.
