Imagine that you’re returning to your hotel after a long day of business meetings. You want to catch up on emails and a few tasks before you hit the hay, so you pull out your laptop and log on to the hotel’s Wi-Fi. As soon as you sign in, you’re notified that you need to update an important piece of software — perhaps your Adobe Reader or Google Toolbar. You know that updates are important for security so you start the download.
And just like that, you’ve become the latest victim of cybercrime.
Darkhotel: Targeted and Undetectable
Cyberattacks are generally either targeted, in which the criminals go after a specific victim, or indiscriminate and opportunistic, in which the criminals attack at random on a large scale and take whatever they can get.
According to security experts, a new attack appears to be targeted specifically at high-profile, high-net-worth individuals staying at luxury hotels. The attack was dubbed “Darkhotel” and discovered in early November. Investigators suspect that the criminals were able to hack into a hotel’s Wi-Fi network and then waited for certain individuals to log on to it. Once the target’s room number and last name appeared on the network, the hackers would launch their attack, which appeared to the user as an alert to download an update. Of course, the “update” was actually malware designed to steal information from the computer, including files and corporate network login information, and in some cases to delete information.
What makes this particular type of attack different, though, is that the perpetrators were able to slip in and out of the hotel network undetected for several years. In most cases, investigators believe, the attackers would attack when they knew the target was staying at a particular hotel, and after launching the attack, remove the tools without leaving a trace. No one knows for sure exactly how many executives were targeted during the Darkhotel scheme, but investigators do believe that travelers from all over the world, including the U.S., were affected.
Hotel IT security teams are dismissing reports of a large-scale cyber-attack on specific guests, noting that they employ a number of tools, including encryption, to prevent something like this from occurring. Regardless, the news of Darkhotel should serve as a reminder to business travelers and their employers that protecting corporate networks and data doesn’t stop at the perimeter of the building.
Protecting Yourself on the Go
Since it’s inevitable that you will have to work outside of the office at some point, it’s important to adopt a few key practices to ensure the security of your sensitive data. To that end, travelers should:
- Install virus protection, and keep it up-to-date.
- Use caution when logging on to public Wi-Fi, even on dedicated hotel networks. Confirm the name (and spelling) of the official, secure network and pay close attention when logging on. Criminals often create spoof networks with similar names in order to spy on users. Better yet, if possible, use a virtual private network (VPN) to send and receive sensitive data.
- Confirm that downloads are legitimate before hitting “Run.” Because programs like Adobe have updates on a regular basis, it’s easy to think that any notification is legitimate — and criminals are counting on that. Confirm that you actually need the update first to avoid infection born of the best intentions.
- Employ two-factor authentication when possible.
- Invest in encryption. Data should be encrypted both during transit and in storage. That way, if it does fall into the wrong hands, it will be all but useless.
- Consider what you keep on your devices when you travel. Ask yourself “If this was lost or stolen, what would the consequences be?” In other words, invest in alternative storage or use the cloud to store most of your data, and only keep the files that you absolutely need on your computer. That way, if your machine is lost or stolen, you won’t need to worry about anyone accessing your entire customer database. Of course, make sure to use a secured cloud network.
- Be cautious about how much information you share publicly about your trips. In the case of Darkhotel, investigators are concerned about how the hackers discovered who was staying where and when, which has led them to believe that the hotel’s business networks have been compromised. Even so, you should only share your specific travel plans on a “need to know” basis.
As of now, it appears that Darkhotel only attacked high-profile individuals from major corporations. However, businesses of all sizes are vulnerable to attack, so don’t think you are immune to an issue because you are small. Take precautions while traveling no matter how big your company is, and prevent a simple mistake from turning into a major data breach.