SAN FRANCISCO: The Russian hacking group “APT28” is targeting the hospitality sector globally, and Indian hotels and resorts must have strong Wi-Fi security in place to safeguard travellers’ data from being stolen, a cyber security company said on Friday.
APT28 uses various hacking techniques, such as “EternalBlue”, “Responder” and sniffing passwords from Wi-Fi traffic.
“One of the most concerning aspects of this operation is the victims included hotel guests who didn’t do anything wrong. They didn’t click a malicious link or open an attachment they shouldn’t have. They simply used the Internet over Wi-Fi in their hotels,” Subhendu Sahu, Acting Country Manager for India, FireEye, told IANS.
“Indian organisations should have strong security controls in place to detect attackers who compromise travelling employees’ systems and then follow them home like an unwanted souvenir,” Sahu added.
FireEye has claimed to have found a malicious document named “Hotel_Reservation_Form.doc”, sent in spear phishing emails to multiple companies in the hospitality industry, including hotels in at least seven European countries and one Middle Eastern country.
According to FireEye, APT28, in an incident in 2016, gained initial access to a victim’s network via credentials likely stolen from the hotel Wi-Fi network and hacked the victim’s Outlook Web Access (OWA) account.
“Cyber espionage activity against the hospitality industry is typically focused on collecting information on or from hotel guests of interest rather than on the hotel industry itself, though actors may also collect information on the hotel as a means of facilitating operations,” FireEye said.
“Business and government personnel who are travelling often rely on systems to conduct business other than those at their home office, and may be unfamiliar with threats posed while abroad,” it added.