Criminals are using hotel wifi networks to hack the devices of business executives with the hope of gaining access to a company’s sensitive information, according to a new report.
The so-called “darkhotel” attack tricks hotel wifi users into downloading malicious software that appears to be a legitimate software update, security firm Kaspersky Lab said in a report published Monday.
When a guest downloads the backdoor virus, hackers install an advanced key-logging tool, which tracks passwords and other sensitive information, in an attempt to gain access to a corporate network.
The research found that corporate executives and CEOs – who were likely to have high-level security access – were being specifically targeted by the hackers.
“The trick is that the wifi infrastructure is being leveraged to find and target high-value executives from companies that present commercial interest to the attackers,” Costin Raiu, director of the global research and analysis team at Kaspersky Lab, told CNBC by phone.
“The focus in the first phase is to get wider access to the victim’s company. They understand the executive person might not have the specific information they want, but might have some information that will be useful.”
After the operation, the hackers delete their tools from the hotel network, making an attack hard to detect in real time.
‘Thousands’ of infections
These types of attacks were first recorded in 2007, but activity spiked in August 2010 and has continued through to this year, the research found. Executives from electronics makers, pharmaceutical companies and military organizations were among the targets.
Kaspersky Lab said that about 90 percent of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea, although attacks had been recorded elsewhere.
While the exact number of “darkhotel” attacks cannot be ascertained, Kaspersky predicted that the number since 2008 could be in the “thousands” with “hundreds” of hotels across the world compromised.
The key-logging tool’s code is written in Korean, but Kaspersky said this did not necessarily mean the hackers were from Korea. It was also difficult at this stage in the investigation to tell if the attacks were state-backed, Raiu added.
“We haven’t been able to answer whether it is state backed. On the one hand, we have an extremely sophisticated campaign targeting executives. These guys are technically competent. But on the other hand, their campaign is relying on a simple technique,” he told CNBC.
A number of different hotel chains were vulnerable to the attack, Raiu added, suggesting an issue with the wifi hardware.
“It is definitely not the same chain of hotels. The most promising theory is that the hotels are using a specific hardware that has vulnerability,” Raiu told CNBC.