Kaspersky Lab experts have investigated a new series of attacks by the Darkhotel cybercriminal group. The attacks feature an Adobe Flash 0-day exploit from the Hacking Team breach and also have a wider geographic reach. The first sighting of Darkhotel is mostly remembered for its unusual spreading mechanism. Along with peer-to-peer and other spreading tactics, this APT has for several years maintained a capability to use hotel networks to follow and hit selected targets as they travel around the world.
In 2015, many of these techniques and activities, including the infiltration of hotel Wi-Fi to place backdoors in targets’ systems, remain in use. However, we now find victims in other geographical regions, new variants of malicious .hta, .rar spearphishing attachments that use the right-to-left override (RTLO) method to fake file extensions, and the deployment of a 0-day from Hacking Team.
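A defender-side check for the RTLO file-name trick mentioned above, as an added example that is not from Kaspersky Lab or the original article: it looks for Unicode bidirectional control characters in attachment names and compares the stored extension with the one a user would see. The function names, the extension policy list and the sample names are assumptions constructed for illustration.

```python
import unicodedata

# Unicode bidi formatting characters; none belong in an attachment name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e"   # LRE RLE PDF LRO RLO
                    "\u2066\u2067\u2068\u2069"         # LRI RLI FSI PDI
                    "\u200e\u200f")                    # LRM RLM
RLO, PDF = "\u202e", "\u202c"
# Assumed policy list; .hta and .rar are the attachment types named in the article.
RISKY_EXTENSIONS = {"hta", "rar", "exe", "scr", "js", "vbs", "lnk"}


def extension(name):
    """Return the lower-cased text after the last dot, or '' if there is none."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def displayed_name(name):
    """Approximate a bidi-aware UI: text under an RLO is drawn reversed.
    A simplification of the Unicode bidi algorithm, adequate for ASCII names."""
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(name[i])
            i += 1
    return "".join(c for c in "".join(out) if c not in BIDI_CONTROLS)


def inspect_attachment(name):
    """Classify one attachment name from its stored characters, not its rendering."""
    controls = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    real = extension("".join(c for c in name if c not in BIDI_CONTROLS))
    shown = extension(displayed_name(name))
    return {"bidi_controls": controls, "real_ext": real, "shown_ext": shown,
            "spoofed": bool(controls) and real != shown,
            "quarantine": bool(controls) or real in RISKY_EXTENSIONS}


if __name__ == "__main__":
    # Constructed sample names, not taken from any real campaign.
    for sample in ["report.pdf", "photos.rar", "invoice\u202efdp.hta"]:
        print(repr(sample), inspect_attachment(sample))
```

Any bidi control character in a file name is treated as grounds for quarantine on its own, because legitimate attachment names have no need for one.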
It’s not only high-profile targets, and more than the perimeter needs to be secured
Darkhotel’s targeted attack modules, which infect hotel networks, show us that state-owned organizations or large enterprises with lots of sensitive data are not the only targets. Relatively small businesses (like hotels in this case) can become a stepping stone to reach a target or even the aim itself.
Hotels aren't the only way to target corporate C-level managers and their secrets through third-party organizations. So even small and medium companies have to keep the risk of targeted attacks in mind.
