This week DarkHotel is on everyone’s mind, and for good reason. For those who have been sleeping under a rock the last few days, DarkHotel is an insidious malware infection targeting high-profile travelers staying at higher-end hotels, mostly in Asia and the US.
The malware was detected by Kaspersky Lab, a security research and software firm from Woburn, MA. According to Kaspersky Lab, DarkHotel is operated by a highly sophisticated entity with superior coding and cryptographic skills. The attackers are using two approaches: the first is to infect as many machines as possible using P2P, probably to use them as bots, and the second is a highly specific approach targeting high-value travelers. The attackers infect the machines when the targets provide their name and room number to log on to a hotel’s Wi-Fi network. Instead of being connected directly to the Internet, the target is prompted to install a legitimate-looking software update, which circumvents built-in defenses by using forged security certificates. Once a target’s computer is infected, the attacker can command the infected device and/or gain access to confidential information such as login information, sensitive documents, etc., potentially causing millions of dollars in damages.
Currently the attack is ongoing, and so are the efforts to stop it. It’s not clear how many hotel networks are affected. If you are part of the target group and are traveling to Asia, your best defense is either not to connect to public (hotel) Wi-Fi or, when you do connect, to be vigilant and use a VPN. Needless to say, installing software updates – no matter how legit they may look – is never a good idea while in non-secure environments.
Image Credit: Roman Boed