Act on the business hotel threat

Richard Cassidy reacts to news that business travellers have been tracked via hotel WiFi

Kaspersky has revealed research suggesting that executives are being tracked by an advanced persistent threat (APT) group when they log into wireless networks at luxury hotels.

We have seen many similar attacks across the industry over a long time. The threat propagated by this specific hacker cell is not limited to WiFi, nor is it restricted to hotel chain networks.

Ultimately, it relies on the end user agreeing to install malware, either through a falsely advertised software update to common applications the user might have running on their system, or through downloads of files over P2P networks when the user is accessing data that really shouldn't be accessed via corporate systems in the first place.

What is interesting here is how it targets the victim. A great deal of information seems to be gathered ahead of time by the malware, so the message to the user (typical in spear phishing attacks) is more directed, and therefore more likely to dupe the user.

It is reasonable to assume that internet portals at the affected locations are compromised. In many cases they may give the group access to back-end systems to harvest more user data; in other cases the group may infect the portal itself with code that facilitates the attack, deleting all traces afterwards.

In this respect we are seeing a sophisticated attack on the target networks by this cell, which has put a great deal of thought into what information is wanted, who it is targeting, and how to write malware with the best chance of getting what it's after.

Many will ask what additional security controls might help prevent this type of attack. Companies will have their own software update process for common applications, delivered through internal systems.

A business traveller should ensure he or she has the right secure connections back to the corporate update networks, and should trust only those connections for patch management and application updates.

Unfortunately, if you were hit by this specific malware, VPN connections to corporate data would also be at risk, given that the malware harvests the data locally on the infected machine before forwarding it to its intended destination.

There are many host-based tools that can limit the risk across corporate systems. However, greater care should be taken when installing software or downloading files on corporate devices, especially if the files come from untrusted sources, including P2P networks or redirected URL links.

These attacks are certainly not new, but they demonstrate the need for more education across all levels within organisations. In-house IT security teams can help only when users understand the common attack tools and methods and what to look out for when working outside the corporate network.

This threat also highlights a need for wireless access providers to deploy the best possible security internally, reducing the risk to users from poorly protected portals, access points and back-end networks.

There is only so much that end users can do in the overall chain of security protection; it has to be a shared responsibility across the entire infrastructure.

Richard Cassidy is senior solutions architect at Alert Logic