DarkHotel Hackers Find New Ways to Trick Users
According to BleepingComputer, an old hacking group known as DarkHotel is back with a few new tricks up its sleeve. The group first began targeting high-level executives in 2011. The cyber criminals would wait for these individuals to connect to a hotel’s WiFi and trick them into downloading a malicious “update” to a well-known program, such as Adobe. Once the victims downloaded the update, the hackers would steal information from their laptops and use it to compromise the company.
DarkHotel has been on hiatus for a few years, but new evidence suggests the group is back with a new attack approach. Instead of malicious “update” attacks aimed at company executives, the group is now targeting political officials with spear-phishing emails. Each email contains a malicious executable file. When the recipient clicks the file, a document opens with a list of email addresses for various organizations located in North Korea. The document is merely a decoy for the backdoor that the file leaves open, which gives the hackers access to additional information.
Not a New Approach
Although this is a new approach for the DarkHotel group, several other hacking entities have been targeting individuals with malicious emails for years, and phishing scams have been a highly successful attack method for cyber criminals. According to KnowBe4, Cisco released a report stating that over the last three years, phishing scams have grossed revenues of $5.3 billion. That’s nothing to shake a stick at. Ransomware, which has been a hot topic lately, has “only” grossed $1 billion in the last three years.
Tips to Stay Safe
It is important that all individuals are aware of the cyber threats they face on a daily basis. Although ransomware has become a trending topic, it is not the only threat users face. To avoid being the next victim, PC Matic recommends users take the following steps:
- Complete a cyber security training course. The more users know about today’s threats, the less likely they are to be the next victim.
- Ensure operating systems are up to date. New updates come out frequently for operating systems. By confirming their systems are updated, users know that all known security vulnerabilities have been patched.
- Update all programs. This means everything that is being used — programs for company use, recreational use, and security solutions. Leaving your programs outdated is essentially leaving a backdoor open for hackers. Don’t do it.
- Implement a security solution that uses application whitelisting as its primary method of malware detection. If users were running PC Matic and the DarkHotel group attempted to run the malicious executable file, it would not work. This is because the malicious file would be categorized as “unknown”. With application whitelisting, unknown files are blocked from executing until they can be tested and proven safe. In this example, testing would find that the file was malicious. Therefore, it would not be allowed to run.
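
The default-deny flow described in the last tip, sketched as an added example (this is not PC Matic's code or any vendor's implementation). The class and function names are hypothetical, files are identified by the SHA-256 of their contents as an assumption, and the sample "files" are constructed byte strings.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK_UNKNOWN = "block: unknown, queued for testing"
    BLOCK_MALICIOUS = "block: tested and found malicious"

class AllowlistPolicy:
    """Default-deny execution policy keyed on the SHA-256 of file contents."""

    def __init__(self, known_good=()):
        self.known_good = set(known_good)
        self.known_bad = set()
        self.pending = set()  # unknown files waiting for analysis

    @staticmethod
    def digest(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def decide(self, data: bytes) -> Verdict:
        h = self.digest(data)
        if h in self.known_good:
            return Verdict.ALLOW
        if h in self.known_bad:
            return Verdict.BLOCK_MALICIOUS
        self.pending.add(h)           # never seen before: deny and queue
        return Verdict.BLOCK_UNKNOWN

    def record_test_result(self, data: bytes, is_safe: bool) -> None:
        h = self.digest(data)
        self.pending.discard(h)
        (self.known_good if is_safe else self.known_bad).add(h)

# Constructed sample inputs: stand-in byte strings, not real binaries.
OFFICE_APP = b"constructed sample: approved word processor"
NEW_TOOL = b"constructed sample: new but harmless utility"
EMAIL_ATTACHMENT = b"constructed sample: executable from a spear-phishing email"

def demo():
    files = (OFFICE_APP, NEW_TOOL, EMAIL_ATTACHMENT)
    policy = AllowlistPolicy(known_good=[AllowlistPolicy.digest(OFFICE_APP)])
    before = [policy.decide(f) for f in files]   # first sighting of each file
    policy.record_test_result(NEW_TOOL, is_safe=True)
    policy.record_test_result(EMAIL_ATTACHMENT, is_safe=False)
    after = [policy.decide(f) for f in files]    # after analysis completes
    return before, after

if __name__ == "__main__":
    for stage, verdicts in zip(("before testing", "after testing"), demo()):
        print(stage, [v.name for v in verdicts])
```

Because the decision is made on the content hash, a modified copy of an approved program is treated as unknown and blocked until it has been tested.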