Business executives take note – malware is specifically targeted at you when you are staying at a high-end hotel.
According to Kaspersky Lab, which is credited with the discovery, the malware, dubbed Darkhotel, is a corporate espionage campaign that steals sensitive data, targeting specifically corporate executives. Right now, the malware is found primarily in Asian countries, but American executives are among the targets.
Kurt Baumgartner, principal security researcher at Kaspersky Lab, told me in an email that Darkhotel is employing techniques that are different from what is usually seen:
This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.
Darkhotel is also very particular about who it is attacking. Researchers from Kaspersky Lab said they visited the hotels where the malware was found but were never hit by any attempts of an attack.
The malware is dependent on the user connecting to the hotel’s Wi-Fi, where the connection includes the user’s last name and room number. The hacker is then able to manipulate the user’s behavior in what is already a compromised connection; the user is tricked into downloading an update for a trusted (and regularly updated) software like Microsoft or Adobe, which actually downloads spying software. Then, as CNET stated:
That's about all the hackers need. From there, they can infect computers with keyloggers, Trojans and other software meant to steal passwords, monitor keystrokes and collect private information, according to the report.
The goal, it appears, is to steal corporate data and intellectual property.
Darkhotel has been around for a while, at least since 2007, it is assumed, but it is growing, and targeted hotels have been popping up in the United States. What’s disturbing, according to Wired, is that the hotels aren’t willing to cooperate in any investigation of a serious security problem that puts their customers and customers’ businesses at risk.
As Paul Lipman, CEO of iSheriff, told me in an email, Darkhotel is a good example of the fundamental flaw in today’s corporate cybersecurity approach. He said:
Organizations spend many millions of dollars to protect their networks against outside threats, investing in ever more sophisticated ways to defend their network infrastructure, applications, and data from attack. Despite all of this investment, roaming users are typically protected with nothing more than endpoint anti-virus, a technology that is woefully inadequate to protect against advanced persistent threats such as Darkhotel. Even worse, when an infected user later comes back into the office, any malware infection picked up “on the road” can instantly spider out across the network, multiplying the risk by orders of magnitude.
I think another issue is at hand here, and that is the temptation to use hotel Wi-Fi as if it is the same as your office’s secured connection. While yes, this malware is playing on what should be a good security practice – updating your software when prompted – the better action in this case is to conduct the bare minimum amount of business possible when on hotel Wi-Fi and leave the downloads and updates to a time when you are on a trusted network.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba