Kaspersky Lab has shone its security spotlight on a cyber-espionage campaign which has targeted (and still is targeting) top-level executives when they travel and stay in luxury hotels.
The so-called "Darkhotel" cyber-criminals have been lurking in the shadows hoovering up corporate secrets for at least four years, Kaspersky asserts. These attackers operate with "surgical precision", deleting all traces of their work, and never rip data off the same target twice to minimise any chances of being detected.
High-level American and Asian execs have apparently been the most recent targets, including CEOs, Senior VPs and Directors, with Darkhotel having its tendrils in the networks of said expensive hotels.
The scam works by detecting the login of a target victim exec on the hotel Wi-Fi network, and the attackers then trick him (or her) into downloading and installing what is on the face of it an update for Adobe Flash or similar legitimate software, but is in fact a backdoor.
The attackers can then put further malware on the machine via this backdoor, such as a keylogger or other tools designed to slurp up confidential company data, and grab details such as passwords for web services.
Once the sting has been pulled off, the team delete all their tools from the hotel network, and no one is any the wiser – until now, that is.
Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab, called the Darkhotel attacks "well beyond typical cybercriminal behaviour".
He noted that: "This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision."
So what can you do to protect yourself from this and other similar threats?
As ever, any public network – even supposedly secure, semi-private efforts like a hotel's – should not be trusted. Kaspersky gives some sensible advice, namely to connect via a VPN, make sure you have up to date security software, and above all, always view any update you're offered on such a network with suspicion. Indeed, we'd suggest it's likely best to wait until you're on a properly secure connection before you download any updates or software onto your machine.
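One practical way to act on that last piece of advice on a Windows laptop: before running anything that arrived as an "update" while on hotel Wi-Fi, check whether its Authenticode signature is valid and actually belongs to the publisher you expect. This is an added example, not code from the article or from Kaspersky; the publisher pattern it matches against is an assumption you should replace with the exact subject taken from a known-good installer obtained on a trusted connection.

```powershell
# Added example (not from the article): flag downloaded installers whose Authenticode
# signature is missing, invalid, or issued to someone other than the expected publisher.
# A fake "Flash update" dropped on a hotel network typically fails one of these checks.
function Test-UpdateInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: substring of the publisher's certificate subject. Copy the real value
        # from a legitimate installer's signature rather than trusting this default.
        [string] $ExpectedSubjectPattern = 'Adobe'
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    # Both conditions must hold: the signature chain verifies AND the signer is who we expect.
    # A valid signature from an unexpected company is still a red flag.
    $ok = ($sig.Status -eq 'Valid') -and ($subject -match $ExpectedSubjectPattern)
    [pscustomobject]@{
        File    = Split-Path -Leaf $Path
        Status  = $sig.Status
        Signer  = $subject
        Trusted = $ok
    }
}

# Review every executable or installer that landed in Downloads during the trip;
# untrusted files sort to the top of the table.
Get-ChildItem "$env:USERPROFILE\Downloads" -Include *.exe, *.msi -Recurse |
    ForEach-Object { Test-UpdateInstaller -Path $_.FullName } |
    Sort-Object Trusted |
    Format-Table -AutoSize
```

Even a file that passes is best left uninstalled until you are back on a connection you control, since the check only confirms who signed the file, not that you were offered it legitimately.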