August 8, 2017
Active for over a decade, "Dark Hotel" is once again targeting business travelers in luxury hotels through their WiFi. And no one knows, as yet, whether these are software exploits accomplished remotely or if hotel staff & vendors include infiltrators physically accessing hardware.
Their tactics are considered evolutionary, combining phishing/social engineering and one or more Trojans. The ony thing clear - and then, only generaly - is their targets: CEOs, upper-level corporate officials, and those involved in research and development personnel.
The phishing/social engineering part might begin with "carefully crafted phishing email targeted to one person" according to a BitDefender senior analyst.
An interesting and convincing email. With an email list, perhaps, of contacts in Pyongyang (North Korea). Phishing. Using social engineering arts to deliver a self-extracting archive like winword.exe, which opens a Trojan download once executed. Stage 2 has the malware running a legitimate Microsoft HTML Application host to download the second part, compromising the target.
But the deliveries are in stages, with the first hides malicious codes and strings inside a legitimate library code, and statically linking the two. This is where "evolutionary" appears. "Malware that updates." The multi-stage Trojan download keeps up with improvements in victims' defenses.
According to ZDNet, the "single target" nature of the phish points toward government and political targets. New tactics include new malware (known as Inexsmar) to attack political targets. Similarities in "payloads" are how the connection between DarkHotel and Inexsmar was made. It's espionage.
"Competitive" means Dark Hotel "never goes after the same target twice; they perform operations with surgical precision, getting all the valuable data they can from the first contact, deleting traces of their work and melting into the background to await the next high profile individual" as a security team at Kaspersky put it.
The targets mentioned above were from the financial industry, pharmaceuticals and technology companies, as well as the military, police and "contractors". Once they connect to compromised hotel WiFi, they're tricked into downloading and installing what they think is an update for Google Toolbar, Adobe Flash or Windows Messenger, when it's actually a backdoor masquerading as legitimate.
At that point, the backdoor can download keyloggers, steal passwords by recording keystrokes and obtain sensitive, corporate information. The attackers delete their own tools, go back into hiding, and lurk while they waiting for the next target.
Some say "You can't fix stupid." But some of the smartest people can be fooled by well crafted phishing and social engineering. Every day we hear about another "exploit", and advice to "Get the latest updates NOW". It can happen even on a wired connection.But Social WiFi can improve your odds when hotels, restaurants, and other businesses take advantage of it. It also lets business owners "Know Customers Like Family". Even local small snall businesses can afford the additional security. We made sure of that.
A New Age In Free WiFi - May 9, 2017 WiFi Reported Dead - May 16, 2017 WiFi: Growing By Leaps & Bounds - May 23, 2017 WiFi: Analytics Offer Opportunities - May 30, 2017 Killing the Mall - June 6, 2017 Bringing A Knife To A Gunfight - June 13, 2017 MONETIZE YOUR WIFI - June 20, 2017 Poking The Hornet's Nest - June 27, 2017 The Age of Big Data - July 4, 2017 Stroking Out - July 11, 2017 Restaurant Wars - July 18, 2017 Go Boldly - July 25, 2017 Retail_Executives_Are_Killing_Sales - August 1, 2017 Moving Forward - August 8, 2017
77% of your customers own a smartphone.
69% use social media.
$ 97.00 (ad supported*) $ 125.00 (ad free*)*Terms & Conditions Apply
12 Month Term(Contracts Accepted)
For Month to Month Options:Call 602-618-6626
Mobile websites. SEO. Video & Social Media Marketing.
One App, Lots of Discounts, Lots of Reward Programs!
© 2017 LMX Communications, LP. All Rights Reserved