DarkHotel Malware Emphasizes the Importance of Using Secure Networks While Travelling
Last year, we talked about the importance of ensuring security when connecting to public Wi-Fi networks while travelling. We discovered that many of us fail to consider our security when it comes to connecting to the Internet in a foreign destination. What users don’t know is that open or complimentary Wi-Fi connections used in establishments can only provide a certain amount of protection against possible attacks.
Recently, it was found that a long-running cyber espionage campaign called DarkHotel has been targeting corporate executives who travel to the Asia-Pacific region since at least 2007. According to reports, attackers can seemingly identify their targets, including the time they arrive and depart from their hotels.
As soon as the executive guest connects to the establishment's Wi-Fi network, the DarkHotel threat actors intercept the network traffic and send fake or infected Flash updates and other software updates that are digitally signed to make them look authentic. When the executive connects and accepts the update from the pop-up message, he downloads the counterfeit update and is consequently infected with malware. The attackers then gain access to sensitive, global-scale data from their prominent targets.
While this latest incident involves targets that stay in high-end hotels in Asia, these man-in-the-middle (MITM) attacks could be used in other establishments as well. Open Wi-Fi is continuously being abused by attackers because users are not being careful enough.
In view of this incident, we strongly encourage users to be extra cautious when connecting to unknown public networks, especially in popular locations such as cafés, hotels, airports, and the like. If possible, it's recommended to use a virtual private network (VPN) to ensure a secure connection. Mobile devices come with VPN support out of the box and so do newer PC operating systems. In addition, be careful about updates and never download or install anything unless you verify that it's from a legitimate source.