EPT
The Darkhotel APT
Kastersky has identified hacking activities that target powerful executives and business personnel around the world by infecting hotel networks. Some exerpts:
Moreover, this crew's most unusual characteristic is that for several years the Darkhotel APT has maintained a capability to use hotel networks to follow and hit selected targets as they travel around the world. These travelers are often top executives from a variety of industries doing business and outsourcing in the APAC region. Targets have included CEOs, senior vice presidents, sales and marketing directors and top R&D staff. This hotel network intrusion set provides the attackers with precise global scale access to high value targets.
[...]
Victim categories include the following verticals:
[...]
When Kaspersky Lab researchers visited Darkhotel incident destinations with honeypot machines they did not attract Darkhotel attacks, which suggests the APT acts selectively.. Further work demonstrated just how careful these attackers were to hide their activity - as soon as a target was effectively infected, they deleted their tools from the hotel network staging point, maintaining a hidden status.
[...]
Victim categories include the following verticals:
- Very large electronics manufacturing
- Investment capital and private equity
- Pharmaceuticals
- Cosmetics and chemicals manufacturing offshoring and sales
- Automotive manufacturer offshoring services
- Automotive assembly, distribution, sales, and services
- Defense industrial base
- Law enforcement and military services
- Non-governmental organizations
[...]
When Kaspersky Lab researchers visited Darkhotel incident destinations with honeypot machines they did not attract Darkhotel attacks, which suggests the APT acts selectively.. Further work demonstrated just how careful these attackers were to hide their activity - as soon as a target was effectively infected, they deleted their tools from the hotel network staging point, maintaining a hidden status.
Read the rest of the article: https://securelist.com/blog/research/66779/the-darkhotel-apt/
Or the paper itself: https://securelist.com/files/2014/11/darkhotel_kl_07.11.pdf
It's interesting to read about just how vulnerable we really are to this sort of thing. How often do we click through the warnings when we connect to a public or unsecured network? Although at least one step involves tricking people into installing software, it looks like they may have used some particularly good ruses (tricking certificate authorities, or using 0-day vulnerabilities in Adobe Flash updater) to get their software onto the computers.
I'm pretty careful to use 2-step verification for email, not install random internet shit, and run virus scans fairly regularly. I wonder if there's more I should be doing to make sure I don't get hoodwinked, though. I'm not a high value target (it looks like this group selectively targeted business execs) so I don't have to worry much. What about you? what do you do to keep your computer secure?
