'Darkhotel' Hack: A Warning for Businesses, Travelers
The recently revealed "Darkhotel" hack has been responsible for stealing data from U.S. corporate executives, all via hotel Wi-Fi.
Security research firm Kasperksy Lab reported Monday that "Darkhotel" used compromised hotel Wi-Fi networks to trick hotel guests into installing seemingly innocuous updates for standard software which are actually malware. From there, CNET reports, hackers can access the infected computers through a "backdoor" and access all kinds of sensitive and personal data.
How can you protect your business and employees from falling victim to something like "Darkhotel?"
Consider Equipping Employees With Mobile Wi-Fi
Part of the success of the "Darkhotel" hack was the ease of using hotel Wi-Fi for the corporate traveler. Many hotels have come to offer Wi-Fi in their rooms for free or at little cost, but you or your employees have no way of knowing whether that hotel network has been compromised. According to CNET, the majority of "Darkhotel" attacks have occurred in Asia, but it could just as easily impact domestic business travelers.
AT&T, Verizon, and T-Mobile all offer mobile Wi-Fi hotspot devices which use cellular signals to create an ad-hoc Wi-Fi network. Smartphones can also be configured to generate a Wi-Fi connection using cellular data (also called tethering), which may be a quick alternative to questionable hotel Wi-Fi.
Consider Using a Virtual Private Network (VPN)
Kaspersky Labs recommends using a virtual private network (VPN) whenever you're on public or semi-public Wi-Fi, like at a hotel. VPNs can be easily set up by your company's IT administrators, even if you've outsourced them. Once set up, these VPNs can provide secure channels of Internet access regardless of the Wi-Fi network.
Consider Training Employees About Malware
As part of your business' strategy against hackers, you should be training your employees not to click on suspicious links or install random updates and/or software. Because all it takes is one infected computer on your business' network to cause a massive data breach which your company may be liable for, you need to make sure that every employee knows how to sniff out a hacking attempt.
If your employees are outfitted with work laptops, limiting their user accounts to prohibit installing new software/updates can easily stymie the "infection" step of most hacks.
Don't let your next company trip be your business' undoing: Be smart about using hotel Wi-Fi.
Follow FindLaw for Consumers on Google+.
Related Resources:
- "DarkHotel" uses bogus crypto certificates to snare Wi-Fi-connected execs (Ars Technica)
- Customer ID Theft: Are Businesses Liable? (FindLaw's Free Enterprise)
- Cost of a Small Business Cyberattack: $9K (FindLaw's Free Enterprise)
- 'Heartbleed' Flaw: What Businesses Need to Know (FindLaw's Free Enterprise)