Lawyers Jonathan Armstrong and Eric Sinrod recently released a TechLaw10 podcast on specific threats to international business travellers. “Business Travellers - Beware of Dark Hotel!” examines new research indicating that cybercriminals are targeting international travellers through laptops, phones and BYOD devices as a means to attack corporate networks.
A “dark hotel” is one where cybercriminals lie in wait to trick hotel Wi-Fi users into downloading malicious software that appears to be a legitimate update. These criminals hack business devices to gain access to corporate information or networks. These attacks, as outlined in the podcast, sometimes have two stages: in the first, the aim is to get travel information (hotel, flight) for an executive; the second is the “dark hotel” itself, when attackers hack into the stream of data executives are creating to copy passwords, copy disk data and much more.
This is another example of a targeted attack. Unlike the spam and phishing attacks we saw previously, these attacks are not sent en masse but are crafted for very specific individuals to increase the likelihood that they will work.
The podcast discusses the importance of organizations educating executives never to update software on hotel networks (even when cabled in, not on Wi-Fi) and not to immediately trust certificates or padlocks (since these can now be fooled). Policies, procedures and training will all need to reflect these new attack possibilities. Absolute Data & Device Security (DDS) was mentioned as a means of tracking whether devices are entering “black hotel” high-risk areas.
You can listen to the full podcast on Safe International Travel for Business Executives here.
TechLaw10 is a 10-minute audio podcast update from U.S. lawyer Eric Sinrod and UK lawyer Jonathan Armstrong where they share insights on developments where technology intersects with the law in the EU and the U.S. Check out the full series of podcasts here or subscribe on iTunes.