Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Korean-Speaking Cyberspies Targeting Corporate Execs Via Hotel Networks
Newest First  |  Oldest First  |  Threaded View
thibault.reuille
thibault.reuille,
User Rank: Apprentice
11/26/2014 | 5:17:30 PM
More confirmation....
Interesting perspective on the DarkHotel threat. The OpenDNS research team also recently unveiled some of their findings on the Labs blog. We've had a couple of researchers investigate on the matter. Glad to see we are not the only ones!
Bprince
Bprince,
User Rank: Ninja
11/12/2014 | 8:39:21 AM
Re: Very dangerous
Good point. I think we are at a point where if you are a corporate exec travelling abroad on business  you should assume that there will be efforts to compromise your devices
SandraP573
SandraP573,
User Rank: Apprentice
11/12/2014 | 6:23:57 AM
breach
I don't know much about encryption to be honest  but i do know it is important and can save your data from loss and that is why i use encryption. Data protection is the software i use for encryption. Good software.
RetiredUser
RetiredUser,
User Rank: Ninja
11/11/2014 | 1:48:28 AM
Portable Satellite Terminals
It's time corporate execs stepped out of the hotel network world and into satellite broadband, particularly private satellite access.  It's surprising that, at the salaries many execs command and the revenue these companies are generating, portable satellite terminals are not more common.  Encrypted satellite access with high-speed Internet access is readily available.

Of course, while travelling, it's not uncommon for people to not want certain traffic to be going over their company network, so no matter how hard you try to secure your exec's line, you may still fail depending on what their extra-curricular Internet activities are.  Their choice, but the wrong one.

Which leads me to the assertion that execs who want to travel and use any type of electronic equipment to do business need to be locked down and locked out.  That is, if they want to access the Internet on a company device, then it has to be over secure satellite broadband, on a device that will not access certain sites or allow certain types of traffic.  If they want the extra-curricular stuff, they'll just have to find another device to do it on.

This is nothing shocking - I see wireless connections all the time at hotels that are named so close to the real network that you could easily make the mistake.  All the shadow has to do is emulate the password scheme (generally your room number or last name) or allow anything to act as a password, and they have you.  Tip to the wise:  Stay off all public networks while travelling, lock down your execs' devices, and encrypt all traffic and local data, just for the extra oomph. 
securityaffairs
securityaffairs,
User Rank: Ninja
11/10/2014 | 6:10:13 PM
Very dangerous
The discovery doesn't surprise me, the practice is old and it is managed by cyber spies and cyber criminals for a long time. Like Kurt Baumgartner, I'm surprised by the Darkhotel APT's indiscriminate backdoor spreading.

I have many doubts regarding the real origin of the specific APT


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-26979
PUBLISHED: 2022-08-06
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
CVE-2022-27944
PUBLISHED: 2022-08-06
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
CVE-2022-2688
PUBLISHED: 2022-08-06
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be...
CVE-2022-2689
PUBLISHED: 2022-08-06
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch t...
CVE-2022-2690
PUBLISHED: 2022-08-06
A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The...