Kaspersky - ‘Darkhotel’ Espionage Attack Targets Executives Using Hotel Internet

Kaspersky, a computer-security firm, recently said that travelling business executives have been victimized by an espionage attack known as Darkhotel which is a malware targeting guests of high-profile hotels via their networks.

According to the report, most of the infected machines seem to be located in Taiwan, Japan, Russia, China and Korea but there are many more victims in other countries like Germany, Indonesia, United States, India and Ireland.

Kaspersky Labs explains the modus operandi of the Darkhotel attack: When users connect to the network, they are presented with a dialog box asking them to install a fake update which looks authentic like Google Toolbar, Flash or Windows Messenger. If the victim agrees to install the fake update, he receives a digitally signed piece of malware by courtesy of attackers. The malware has keylogging and other capabilities which steal information and then sent back to the attackers.

The attackers need all these and then they can infect systems with keyloggers, trojans and other software to embezzle passwords, watch keystrokes and gather private information. The main purpose of the attack seems to be to steal sensitive corporate details or gain entry into corporate networks.

Kaspersky says that once hacking is complete, all signs of the hack are erased and the innocent victims continue work without knowing that their sensitive data and their corporation's data have been stolen. Apparently, hackers never target the same person twice.

The hackers also distribute Darkhotel malware randomly along with these targeted attacks.

Cnet.com published a report on 10th November, 2014 quoting Kurt Baumgartner, Principal Security Researcher of Kaspersky Lab, as saying "The blend of both targeted and random attacks is gradually getting more ordinary in the (Advanced Packaging Tool) landscape. Targeted attacks are employed to hijack high-profile users and botnet-style operations are employed for mass surveillance or to execute other tasks like (distributed denial-of-service attacking) adversaries or just to advance interesting victims to more chic espionage tools."

Kaspersky warned that the Darkhotel malware is still active and has advised business travellers to use a VPN and ensure that security solutions can defend any new threats and treat software updates as suspicious.

» SPAMfighter News - 11/19/2014