Security software vendor Kaspersky Lab has released an eye opening report on an Advanced Persistent Threat (APT) group named “Dark Hotel”. First published on Monday 10th November, the report describes an attack vector that these extremely skilled, surgically precise group of hackers have been exploiting for at least 4 years. Both the FBI and Australian Government have issued similar advisories over the years, with records showing the Dark Hotel attack vector being utilised from as early as 2007.
How the Dark Hotel attack is carried out
Even at exclusive hotels, guests including corporate executives wanting to get online are infected with a rare APT trojan posing as an update for commonly installed software such as Adobe, Google and Windows. This helps the attackers identify, and selectively target their victims. Some variants capture the room number and last name information often used to connect to hotel WiFi networks. The selected targets, typically executives, are then used as a means to penetrate corporate networks, in addition to stealing personal information from the victims themselves. After taking what they need, hackers then delete their tools from the hotel network, making the attack hard to detect in real time.
Costin Raiu, director of the global research and analysis team at Kaspersky Lab, told CNBC whilst it is difficult to ascertain if these are state sponsored attacks, “It is definitely not the same chain of hotels.” Kaspersky predicts the number of attacks carried out since 2008 to be in the thousands, with hundreds of hotels worldwide expected to have been compromised.
Helping Executives stay Secure
Having long advised corporate executives and clients of high net worth to be particularly careful whenever having to use untrusted internet access such as in hotels, airports and other wireless hotspots; Infosec Partners have enabled clients, such as those with ‘VIPIT membership’, to stay secure through a programme of awareness, as well as through a 24×7 full service offering which incorporates security expertise and personalised support.
Indeed it’s not only on their travels where executives are being targeted, the executives homes and even families have also been identified as avenues to exploit, which is why Infosec Partners have outlined a series of steps to provide total protection for directors both at home, and away.