Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cyberspies target APAC execs in luxury hotels

Brian Karlovsky | Nov. 12, 2014
"Darkhotel" is used for for stealing sensitive data from selected corporate executives.

These include defence industrial base, government and non-governmental Organisations.

At the other end of the spectrum, malware can be spread indiscriminately via Japanese P2P (peer-to-peer) file-sharing sites.

The malware is delivered as part of a large RAR archive that purports to offer sexual content, but installs a backdoor Trojan that allows attackers to perform a mass surveillance campaign. This Darkhotel package was downloaded over 30,000 times in less than six months. Baumgartner said the mix of both targeted and indiscriminate attacks was becoming more and more common in the APT scene, where targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools. According to Kaspersky, the attackers left a footprint in a string within their malicious code pointing to a Korean-speaking actor.

The campaign has targeted thousands of victims worldwide, with 90 per cent of identified infections in Japan, Taiwan, China, Russia and Hong Kong, alongside smaller infection rates from victims in Germany, the USA, Indonesia, India, and Ireland.

To reduce vulnerability to attacks when traveling, any network, even semi-private ones in hotels, should be viewed as potentially dangerous. Kaspersky recommends that users choose a Virtual Private Network (VPN) provider -- you will get an encrypted communication channel when accessing public or semi-public wi-fi. Always regard software updates as suspicious. Confirm that the proposed update installer is signed by the appropriate vendor.

Make sure your Internet security solution includes proactive defense against new threats rather than just basic antivirus protection, use two-factor authentication for e-mail and other confidential services and finally use strong, unique passwords for each resource you access.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.