Monday, 21 August 2017

On 02:23 by admin
Disruption of hotel internet sites in seven European countries and Israel is being blamed on APT28, a hacker group from Russia that is also suspected of attempting to influence last year's US presidential election. According to FireEye, the attackers focused on several hospitality companies and specific hotel networks.

"There are some indications that hackers were actually looking for a way to get into the facilities of government officials and sales representatives using the hotel Wi-Fi network," the company said. It did not specify which countries were attacked.

The attack followed the same scenario in all cases. The hackers sent an e-mail to selected hotel staff with an attached Hotel_Reservation_Form.doc file containing macros. Through these macros, the APT28 group spread the GameFish malware, a backdoor that the attackers used in a recent cyber campaign against Montenegro before it joined NATO.

As soon as the hackers gained access to the hotel Wi-Fi network, they used the EternalBlue SMB exploit, which was also used to spread the WannaCry and Petya ransomware campaigns.

It took 12 hours to control the laptop

The group also used the Responder tool to send usernames and passwords from infected computers to a remote control server. In one specific case back in 2016, it was enough for the victim to join the hotel network, and within just twelve hours the APT28 group controlled the victim's device and used its content.

Normally, these attacks take place remotely, but in this case the attacker was apparently connected to the same network as the victim, and so was physically close to them.

This is not the only malicious campaign targeting customers of large hotel networks in Europe. Also known is the case of the DarkHotel malware, which was linked to information about government affairs in South Korea, as well as Duqu 2.0, which focused on guests of European hotels who negotiated with Western representatives on the Iranian nuclear program. Security experts assume that in these cases government-hired hackers from Russia and China were involved.

Public Wi-Fi is a danger, says an expert

"Public Wi-Fi networks pose a great risk anywhere, not only in hotels. By using such a network, the user is at risk of infiltration by various types of malicious code. Attackers do not have to focus only on government officials and representatives of large companies, they can also spread scams," says Václav Zubr, ESET security expert. "The biggest danger is in open Wi-Fi networks that can be connected to without entering a password. However, secured networks can also pose a risk," he adds.

According to Zubr, it is better to use your own data connection to the Internet or a private Wi-Fi network that cannot be used by the public. "The risk is not just in hotels. It also applies to public Wi-Fi networks and hotspots at railway stations, airports, shopping centers or on public transport. It is not unusual for hackers themselves to create a Wi-Fi network that they open to the public in order to attack its users," warns Václav Zubr.

