You may be a top-notch executive of an important company with many secrets buried under your veritable and pleasing exterior. You have covered your tracks well and sealed any loophole or lacuna while conducting your business. But what if the five-star hotels to which you retire after a hectic day of commercial engagement are compromised?
Over the past four years, a group of sophisticated hackers has compromised the networks of luxury hotels and used them as a base to launch malware attacks against commercial executives and entrepreneurs traveling on big business in the Asia-Pacific region.
The modus operandi of this cyberespionage group, which researchers from Kaspersky Lab have christened Darkhotel, is simple: it introduces malicious code into the web portals that guests use to log into the local network to access the internet.
The infections are not permanent and are meant to target particular guests by prompting them to download trojanized updates for popular software applications. Subsequently, the malicious software deploys malware implants, which then download and install digitally signed information-stealing programs.
The Kaspersky Lab researchers said in a report released Monday, “This group of attackers seems to know in advance when these individuals will arrive and depart from their high-end hotels.” The attackers lie in wait until the travelers arrive and connect to the Internet, the researchers said.
Once the victim checks out of the hotel, the hackers disable the malicious code introduced into the hotel network portal and clear their tracks.
The Kaspersky researchers said, “Those portals are now reviewed, cleaned and undergoing a further review and hardening process.”
The Darkhotel group is remarkable because it uses a blend of highly targeted and non-targeted, botnet-style attacks. The way the group works, which includes the highly complex task of cracking digital certificate keys combined with the use of zero-day vulnerabilities, shows that it is a highly sophisticated team of developers.
The Kaspersky Lab researchers said in a blog post, “Considering their well-resourced, advanced exploit development efforts and large, dynamic infrastructure, we expect more Darkhotel activity in the coming years.”