A new report this week from cybersecurity firm Kaspersky Lab has pinpointed a threat to business travelers who’ve stayed in hotels in the Asia-Pacific region, a threat that appears to go back as far as 2007 and is still active today. This threat, which attacks computers when travelers log onto the internet via their hotel wifi, actually roots around through the user’s computer, uncovers the nature of his career, then sends what appear to be industry-specific emails to entice the user to open links or download software.
With several different methods for infiltrating the user’s computer—everything from requests to update software like the Adobe Flash Player or Java, to requiring the download and decryption of software in order to continue using the service—the attacks spanned numerous countries and were aimed at a wide variety of industry professionals, including developers, military travelers, pharmaceutical company representatives, and more.
Even though we may think of business traveling as a rather isolated work-related event, it’s important to remember that many travelers own a single device, like a laptop computer, that they may use both for work and when traveling for personal reasons. Even if you’re not staying in a hotel for business, the information that the Darkhotel attackers need could still be on your work computer, and therefore make you a prime target once you log on at a hotel.
One part of this particular cyberthreat that has been uncovered is the practice of “spear phishing,” which means targeting specific industries or individuals with what appears to be trustworthy information about them in order to get them to act. Individuals who were targeted by Darkhotel received personalized correspondence that looked legitimate on the surface, but it had been generated by the attackers using information garnered by snooping around in the users’ emails and other files.
Short of investing in your own personal internet hotspot to ensure that you don’t need to sign in on an unsecured connection, there are some steps you can take to protect your information. One would be to sign out of any file sharing applications, like Dropbox, while away. That can minimize the ability of a hacker to access your work-related files while you’re connected. Also, it’s important to keep in mind that the Darkhotel APT worked by sending the recipient emails that pertained to their businesses, and which required the recipients to take some sort of action, like clicking on a link or downloading an update.
Never download software or updates over an unsecured connection, no matter where you are. Make sure you’re keeping your relevant software up to date through regular updating at home, and be certain your antivirus and anti-malware software is as recent as possible before you connect away from your home or office.