The veteran DarkHotel hacking group is back with a few new tricks up their sleeve. These sophisticated hackers first began targeting high level executives in 2011 with a signature brand of cybercrime that targets business travellers with malware attacks, using the Wi-Fi in luxury hotels across the globe.
These bad guys would wait for these individuals to connect to a hotel’s WiFi and use social engineering tactics to compromise them. They use different types of exploits, one of them tricking the target into downloading a malicious “update” to a well-known program, such as Adobe. Once the victims downloaded the update, the hackers would steal information from their laptop and use it to compromise the company.
"The other tactic is a very carefully crafted phishing email targeted to one person at a time,” senior e-threat analyst at Bitdefender Bogdan Botezatu told ZDNet.
The email comes with a self-extracting attachment that begins the Trojan download. The malware payload isn’t delivered all at once, as the malware downloads it in steps to circumvent antivirus software. A Word file may be opened on the computer to trick the user from looking at what else is happening on computer. The multi-stage Trojan is an evolutionary step, researchers say, as it helps hackers avoid detection.
Tips to Stay Safe For Road-warriors
- Ensure operating systems are up to date. New updates come out frequently for operating systems, so for traveler's laptops, enable automatic Windows updates.
- Update all 3rd party software apps. This means everything that is being used — programs for company use, recreational use, and security solutions. I recommend Personal Software Inspector, quite possibly the most useful free app you can have running on a laptop.
- For road warrior's windows laptops, you could consider deploying a security tool that uses application whitelisting as its primary method of malware detection. An example is PC Matic. If the DarkHotel hackers attempted to run the malicious executable file, it would not work. This is because the malicious file would be categorized as “unknown”. With application whitelisting, unknown files are blocked from executing until they can be tested and proven safe.
- Have road warriors step through new-school security awareness training, so they know how to stay safe online.
Effective employee security awareness training combines on-demand web based training with simulated phishing attacks to keep users on their toes with security top of mind, where ever they are. Find out how affordable this is for your organization and be pleasantly surprised.
Don't like to click on redirected buttons? Copy / Paste this link in your browser: