Arriving in a hotel lobby, what’s the first thing we do? We try to access the WiFi. It’s instinctive and seemingly innocuous.
But not always. Experts from Kaspersky Lab's Global Research and Analysis Team have published a section of their findings on Darkhotel, an espionage campaign that has been discreetly targeting thousands of luxury business travellers over the past four years.
Hackers have allegedly been infecting hotel networks using their Darkhotel "toolkit" and recording guests’ names, room numbers and other details. Unsuspecting web users are then prompted into downloading software updates for Google Toolbar, Adobe Flash or Windows Messenger.
The catch? It could actually be a Trojan attack, which is still classed as a "current threat actor" by Kaspersky Lab.
Once a user’s system is infected, hackers have been discovered using keyloggers to record passwords, payment information and intellectual property.
"About 90 percent of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea, partly because of the group's indiscriminate spread of malware," said Kaspersky's Securelist blog.
The miscreants apparently never go after the same target twice and have performed their operations with surgical precision, according to a statement from Kaspersky Lab. Recent targets include executives from the US and Asia staying in high-end hotels in the Asia-Pacific region.
"For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behaviour," explained Kurt Baumgartner, principal security researcher at Kaspersky Lab.
While Kaspersky has not yet commented on which hotels or groups have been targeted, its experts have published advice on how to outsmart the Darkhotel attack:
- Use a Virtual Private Network (VPN) provider - you will get an encrypted communication channel when accessing public or semi-public Wi-Fi
- When travelling, always regard software updates as suspicious. Confirm that the proposed update installer is signed by the appropriate vendor.
- Make sure your Internet security solution includes proactive defence against new threats rather than just basic antivirus protection.
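One way to carry out the signature check from the second tip on Windows, as an added example that is not from Kaspersky's advice. The function name, file path and organisation string are assumptions; supply the exact organisation name the real vendor signs with.

```powershell
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Exact organisation (O=) expected in the signing certificate (assumed value, set by the caller)
        [Parameter(Mandatory)] [string] $ExpectedOrganization
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file hash matches the signature and the certificate
    # chain builds to a root trusted on this machine. Anything else
    # (NotSigned, HashMismatch, NotTrusted, ...) is a refusal.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Do not run ${Path}: signature status is $($sig.Status)"
        return $false
    }

    # A valid signature only proves that *someone* signed the file.
    # Extract the O= field of the signer; quoted values may contain commas.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch '(?:^|,\s*)O=(?:"(?<org>[^"]+)"|(?<org>[^,]+))') {
        Write-Warning "Do not run ${Path}: signer has no organisation field ($subject)"
        return $false
    }
    $org = $Matches['org'].Trim()

    # String comparison with -ne is case-insensitive; the whole name must match,
    # so a look-alike such as 'Example Vendor Updates Ltd' is rejected.
    if ($org -ne $ExpectedOrganization) {
        Write-Warning "Do not run ${Path}: signed by '$org', expected '$ExpectedOrganization'"
        return $false
    }

    Write-Host "OK: $Path is signed by '$org' (thumbprint $($sig.SignerCertificate.Thumbprint))"
    return $true
}

# Constructed usage: the file name and organisation are placeholders.
Test-InstallerSignature -Path '.\update_installer.exe' -ExpectedOrganization 'Example Vendor Inc.'
```

Comparing the printed thumbprint with the one on a copy of the installer obtained earlier from a trusted network is a stricter check than the organisation name alone.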
To read more about privacy tips: http://cybersmart.kaspersky.com/privacy.