DarkHotel Malware Emphasizes the Importance of Using Secure Networks While Travelling
Last year, we talked about the importance of ensuring security when connecting to public Wi-Fi networks while travelling. We discovered that many of us fail to consider our security when it comes to connecting to the Internet in a foreign destination. What users don’t know is that open or complimentary Wi-Fi connections used in establishments can only provide a certain amount of protection against possible attacks.
Recently, it was found that a long-running cyber espionage campaign called DarkHotel has been targeting corporate executives who travel to the Asia-Pacific region since at least 2007. According to reports, attackers can seemingly identify their targets, including the time they arrive and depart from their hotels.
As soon as the executive guest connects to the establishment's Wi-Fi network, the DarkHotel threat actors intercept the network and send fake or infected Flash updates and other software updates that are digitally signed to make them look authentic. When the executive connects and accepts the update from the pop-up message, he then downloads the counterfeit update and consequently gets infected with malware. The attacker then gains access to global-scale sensitive data from their prominent targets.
While this latest incident involves targets that stay in high-end hotels in Asia, these man-in-the-middle (MITM) attacks could also be used in other establishments. Open Wi-Fi is continuously being abused by attackers because users are not being careful enough.
In view of this incident, we strongly encourage users to be extra cautious when connecting to unknown public networks, especially in popular locations such as cafés, hotels, airports, and the like. If possible, it's recommended to use a virtual private network (VPN) to ensure a secure connection. Mobile devices come with VPN support out of the box and so do newer PC operating systems. In addition, be careful about updates and never download or install anything unless you verify that it's from a legitimate source.
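One way to act on the advice to verify an update before installing it, shown as an added example that is not part of the original article: because the fake updates carried digital signatures, the check below does not rely on a signature being present and instead compares the file against a digest and download host recorded beforehand on a trusted network. The file name, the host `downloads.vendor.example`, and the manifest layout are assumptions made for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Constructed sample data. Assumption: the real values are recorded from the
# vendor's own site on a trusted network before travelling.
CONSTRUCTED_PAYLOAD = b"constructed sample installer bytes"
PINNED = {
    "player_update.exe": {
        "host": "downloads.vendor.example",
        "sha256": hashlib.sha256(CONSTRUCTED_PAYLOAD).hexdigest(),
    }
}

def sha256_file(path, chunk=1 << 16):
    """Hash the file in chunks so large installers do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_update(path, source_url, pinned=PINNED):
    """Return the reasons to reject the file; an empty list means it matches."""
    entry = pinned.get(Path(path).name)
    if entry is None:
        return ["no pinned record for this file name"]
    reasons = []
    url = urlsplit(source_url)
    if url.scheme != "https":
        reasons.append("not fetched over HTTPS")
    if (url.hostname or "").lower() != entry["host"]:
        reasons.append("host differs from pinned vendor host")
    if not hmac.compare_digest(sha256_file(path), entry["sha256"]):
        reasons.append("SHA-256 differs from pinned digest")
    return reasons

def demo():
    """Check a matching file, then a modified one offered from a local address."""
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "player_update.exe"
        f.write_bytes(CONSTRUCTED_PAYLOAD)
        good = check_update(f, "https://downloads.vendor.example/player_update.exe")
        f.write_bytes(CONSTRUCTED_PAYLOAD + b"tampered")
        bad = check_update(f, "http://10.0.0.1/player_update.exe")
    return good, bad

if __name__ == "__main__":
    print(demo())
```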