As reported by Kaspersky, the Darkhotel spying campaign focuses on data from business executives. Some of the victims are precisely selected and targeted. These are mostly top managers from the USA and Asia who are traveling in the Asia-Pacific region. However, American victims are also affected.
Apparently the attackers know the travel plans of their victims and infect the network of the respective hotel in advance. When the targeted victim then logs in to the hotel WLAN with name and room number, the victim is enticed to download a backdoor program disguised as an update for a standard piece of software.
Afterwards, additional tools can be loaded onto the infected computer to read out passwords and collect information about the system. Private and business data are stolen. The perpetrators then remove their tracks from the hotel network.
The experts from Kaspersky assume that the attacks are targeted, because in the respective hotels only individuals are attacked before the offenders withdraw. Even the experts themselves could not provoke a Darkhotel attack in a test.
In addition to the targeted attacks on individuals, Darkhotel also relies on indiscriminate distribution of malicious software via peer-to-peer networks. These attacks occur all over the world, and some victims are from the United States as well, according to Kaspersky Lab.
Traces of the Darkhotel attacks go back to the year 2007. The campaign is still active. For protection, Kaspersky advises distrusting any network. In public or semi-public networks, an encrypted communication channel should be established as a precaution, using a VPN (Virtual Private Network). In addition, users should make sure that their antivirus programs use proactive protection technologies. This would better protect against emerging threats, says Kaspersky.