by Staff Writers
Washington (AFP) Nov 10, 2014
Hackers have developed a scheme to steal sensitive information from top executives by penetrating the Wi-Fi networks of luxury hotels, security researchers said Monday.
A report by Kaspersky Lab said the "Darkhotel" espionage effort "has lurked in the shadows for at least four years while stealing sensitive data from selected corporate executives traveling abroad."
Kaspersky said about 90 percent of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea, but that the executives targeted include those traveling from the United States and other countries.
"The infection count numbers in the thousands," the report said.
"The more interesting traveling targets include top executives from the US and Asia doing business and investment in the (Asia-Pacific) region."
The hackers are able to compromise hotel Wi-Fi networks and then trick executives into downloading malicious software that can allow their information to be accessed remotely.
"These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords in Firefox, Chrome and Internet Explorer; Gmail Notifier, Twitter, Facebook, Yahoo and Google login credentials; and other private information," the report said.
"Victims lose sensitive information -- likely the intellectual property of the business entities they represent. After the operation, the attackers carefully delete their tools from the hotel network and go back into hiding."
Kaspersky researcher Kurt Baumgartner said the attacks are highly sophisticated.
"This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision," he said.
Targets have included corporate chief executives, senior vice presidents, sales and marketing directors and top research staff at companies in the electronics, defense manufacturing, finance, automotive and pharmaceutical industries, among others. Some law enforcement, military and non-governmental officials have also been targeted.
"From our observations, the highest volume of offensive activity on hotel networks started in August 2010 and continued through 2013, and we are investigating some 2014 hotel network events," Kaspersky said.
The researchers said the risk can be mitigated by using a virtual private network that protects data.
The security team said that travelers should be extra cautious about software updates and should use software with protection against a broad range of threats in addition to viruses.
Hackers could trick way into Apple gadgets: researcher
US-based FireEye maintained that "masque attacks" made possible by a vulnerability in software running iPhones, iPads and iPod touch devices posed "much bigger threats" than a recently disclosed WireLurker flaw patched by Apple.
"Masque attacks can replace authentic apps, such as banking and email apps, using attacker's malware through the Internet," FireEye said in a blog post.
"That means the attacker can steal user's banking credentials by replacing an authentic banking app with a malware that has identical UI (user interface)."
Cyber crooks could prompt Apple gadget owners to install what deceptively claims to be an update to an existing application, such as a popular mobile game.
Instead of an update, users would get an application that mimics and replaces a legitimate program, sending information entered by users to hackers, according to FireEye.
FireEye said it alerted Apple to the vulnerability months ago and that the California-based company is working to fix it.
FireEye said that people can guard against trouble by only installing applications or updates through Apple's official online App Store.
The researchers advised people to never resort to using "install" prompts that pop up on third-party Web pages.
If opening an application on an Apple device triggers a message warning it was created by an "Untrusted App Developer," immediately remove the mini-program, FireEye advised.
Last week, researchers at cybersecurity firm Palo Alto Networks revealed a newly discovered family of malware that has the capacity to infect iPhones via Apple computers, posing a security threat to devices that have been largely resistant to cyber criminals.
The malware, dubbed WireLurker, "is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers command and control server," according to a report by the security firm, which added that "its creator's ultimate goal is not yet clear."
Apple, in a statement to AFP, said it had acted to block the malware.
As Apple computers and mobile devices have grown in popularity, they have become coveted targets for hackers eager to get to the ranks of users.
According to the researchers, WireLurker malware first infects a Mac computer, which uses the OS X operating system, and then installs itself on iOS devices -- iPads or iPhones -- when they are connected to the computers via USB ports.
The malware was traced back to a third-party Chinese app store.