Espionage software steals data from top executives
Patricia Lourdes Viray (The Philippine Star) - November 12, 2014 - 12:29pm

MANILA, Philippines - Spying software used in an espionage campaign called "Darkhotel" has been stealing sensitive data from corporate executives for almost four years.

The espionage crew targets top executives, such as chief executive officers, senior vice presidents and sales and marketing directors, traveling abroad while staying in luxury hotels. 

A report from the Global Research and Analysis Team of security software company Kaspersky Lab revealed that the spying operations are carried out with "surgical precision" such that no traces are observed after valuable data is stolen.

"This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision," Kaspersky Lab Principal Security Researcher Kurt Baumgartner said.

The attackers wait for the target to connect to the hotel Wi-Fi network and submit his room number and surname upon login, and then trick the unsuspecting executive into downloading a "welcome package" which is actually a backdoor or spying software.

HOW TO STAY AWAY FROM THE DARKHOTEL TRICKS

1. Install quality Internet security software
2. Maintain and update system software
3. Use trusted VPN tunnels when accessing public and semi-public WiFi
4. Consider executables shared over p2p networks suspicious
5. When traveling, consider software updates suspicious
6. Learn how to define spearphishing attacks
 

The backdoor will pretend to be an update for software such as Google Toolbar, Adobe Flash or Windows Messenger while it collects data, anti-malware software and cached passwords.

“The mix of both targeted and indiscriminate attacks is becoming more and more common in the APT scene, where targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools,” Baumgartner said.

Kaspersky Lab found inconsistencies in Darkhotel's malicious activity and suggested measures to avoid being hacked.

"The attackers left a footprint in a string within their malicious code pointing to a Korean-speaking actor," the report said.

When traveling, individuals are encouraged to choose a virtual private network provider, always treat software updates as suspicious and make sure a proactive defense is installed on their computer rather than only basic antivirus protection.
