Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Korean-Speaking Cyberspies Targeting Corporate Execs Via Hotel Networks
Newest First  |  Oldest First  |  Threaded View
thibault.reuille
50%
50%
thibault.reuille,
User Rank: Apprentice
11/26/2014 | 5:17:30 PM
More confirmation....
Interesting perspective on the DarkHotel threat. The OpenDNS research team also recently unveiled some of their findings on the Labs blog. We've had a couple of researchers investigate on the matter. Glad to see we are not the only ones!
Bprince
50%
50%
Bprince,
User Rank: Ninja
11/12/2014 | 8:39:21 AM
Re: Very dangerous
Good point. I think we are at a point where if you are a corporate exec travelling abroad on business  you should assume that there will be efforts to compromise your devices
SandraP573
50%
50%
SandraP573,
User Rank: Apprentice
11/12/2014 | 6:23:57 AM
breach
I don't know much about encryption to be honest  but i do know it is important and can save your data from loss and that is why i use encryption. Data protection is the software i use for encryption. Good software.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
11/11/2014 | 1:48:28 AM
Portable Satellite Terminals
It's time corporate execs stepped out of the hotel network world and into satellite broadband, particularly private satellite access.  It's surprising that, at the salaries many execs command and the revenue these companies are generating, portable satellite terminals are not more common.  Encrypted satellite access with high-speed Internet access is readily available.

Of course, while travelling, it's not uncommon for people to not want certain traffic to be going over their company network, so no matter how hard you try to secure your exec's line, you may still fail depending on what their extra-curricular Internet activities are.  Their choice, but the wrong one.

Which leads me to the assertion that execs who want to travel and use any type of electronic equipment to do business need to be locked down and locked out.  That is, if they want to access the Internet on a company device, then it has to be over secure satellite broadband, on a device that will not access certain sites or allow certain types of traffic.  If they want the extra-curricular stuff, they'll just have to find another device to do it on.

This is nothing shocking - I see wireless connections all the time at hotels that are named so close to the real network that you could easily make the mistake.  All the shadow has to do is emulate the password scheme (generally your room number or last name) or allow anything to act as a password, and they have you.  Tip to the wise:  Stay off all public networks while travelling, lock down your execs' devices, and encrypt all traffic and local data, just for the extra oomph. 
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
11/10/2014 | 6:10:13 PM
Very dangerous
The discovery doesn't surprise me, the practice is old and it is managed by cyber spies and cyber criminals for a long time. Like Kurt Baumgartner, I'm surprised by the Darkhotel APT's indiscriminate backdoor spreading.

I have many doubts regarding the real origin of the specific APT


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26077
PUBLISHED: 2021-05-10
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring...
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.