Are you worried that your guests may suffer cyberattacks committed by hackers specialized in hotels? Have you heard of hacker groups like Darkhotel APT? This group focuses on attacking hotels with high-level clientele, assuming a great threat in the sector. We tell you more details about it and how to improve prevention in your hotel.
What is the Darkhotel APT?
DarkHotel APT is the name given to a group of hackers, of Korean origin, who have been perpetrating sophisticated and serious computer attacks on luxury hotels around the world for 15 years, stealing important information from executives and other similar profiles.
In what lies the main danger of this organized group of cybercriminals? Especially in his ability to detect vulnerabilities in hotel Wi-Fi installations and take advantage of them to introduce malware, commit phishing and other types of computer attacks. All these actions can have very serious and terribly negative consequences for the security of your clients' data and the image or prestige of your hotel business.
How does this threat work?
The prestigious Kaspersky group, a world leader in cybersecurity, has carefully analyzed the latest blows from this group dedicated to advanced persistent threats (APT), reaching the following conclusions.
- They have the ability to combine two types of cyber attacks: The Phishing and malware. They create a new threat, much more powerful, dangerous and difficult to counter.
- DarkHotel uses a new form of phishing, called spear phishing, To get information from the victim through all the process. email-trap or an application that acts as a hook. In parallel, cybercriminals introduce a malware extremely malicious, with the goal of capturing even more sensitive guest data.
- Su modus operandi is:
- First They sabotage the hotel's Wi-Fily, after, wait patiently for a guest to connect, usually with your room number and last name.
- Later, the attackers they manage to deceive the victim, sending you a download link to update supposedly legitimate software. On many occasions, the client, convinced that it is a question of a Welcome pack of the hotel itself, falls into the trap and downloads the application on your computer: laptop, tablet, smartphone...
- Without suspecting it, the guest has already given free way for cybercriminals to insert a sophisticated Trojan into your computer, LLAMADA karba, able to steal all kinds of information by detecting keystrokes: bank passwords, credit card numbers and even confidential company information.
- Sometimes, a second malware infection with the aim of stealing previously selected high-value data.
- Following, the Hackers erase any trace or evidence from the hotel network that can be used to locate them.
Keep learning: 7 key tips to improve the security of your WiFi networks
What types of Darkhotel attacks exist?
Darkhotel attacks have evolved over time. They started in 2007 with the sabotage of Wi-Fi systems in hotels with Trojans like Tapaoux. Gradually, they began to be more selective in their targets. As of 2016, they have returned to the fray with powerful phishing campaigns and massive P2P file infections, especially through the Inexsmar malware.
It may interest you: Types of hotel cybersecurity attacks and how to prevent them
Darkhotel APT attack example
One of the most recent cyberattacks by this sophisticated group has taken place on luxury hotels in Macau, China, including the Wynn Palace and the Grand Coloane Resort.
It was a spear phishing campaign that began at the end of 2021, with the sending of emails with malicious macros in Excel files to hotel management. Specifically, fake emails were sent to 17 different hotels, which allegedly came from the Macau Government Tourism Office. The goal was to collect information about who was staying at the hotels.
It may interest you: Technology providers for hotels: why trust specialized companies
Tips to protect yourself against these organized attacks
Do you want to protect yourself from attacks by groups like DarkHotel APT? Following these tips can be very helpful:
- Start training and awareness campaigns employees and guests about the different computer threats and how to prevent them.
- Install quality antivirus software, with the advice of companies specialized in IT security in hotels.
- Use additional protection systems, such as a Reliable VPN.
- Pay the utmost attention and be very cautious with executable files and those shared through P2P networks.
- Keep all your hotel software duly updated.
Cerium, your partner in hotel cybersecurity
Cyber attacks on hotels are increasingly sophisticated and difficult to prevent and combat. For this reason, to guarantee the security of your hotel networks and systems, it is essential to have the help and advice of a cybersecurity partner specialized in the hotel sector such as Cerium
Cerium has an effective and complete cybersecurity solution suite adapted to the particularities of each type of hotel, taking into account their technologies and the possible security breaches that groups such as Darkhotel APT can take advantage of.
Among our services are:
- Offensive security: pentesting and audits.
- Perimeter security: certified technicians in the main Firewall UTM brands.
- Defensive security: fortification of hotel infrastructure systems and services through defensive products and monitoring.
- Value services: Anti DDoS management, SOC/SIEM, traffic monitoring, review of system logs in search of anomalies, virus detection...
Do we talk?
