Keyloggers found at hotel business centers, US Secret Service warns
Posted on 14 July 2014.
In the wake of the arrest of a group of people suspected of having compromised computers in hotel business centers in Texas, the US Secret Service and the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) have sent out an advisory to hospitality industry firms urging them to secure their public computers.


This particular gang used stolen credit cards to register as guests at the hotels in question, and then freely used the computers in the hotel business center. They would log into their Gmail account, download from it and execute key logging software.

"The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts. The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers," the advisory states.

"The attacks were not sophisticated, requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software. The malicious actors were able to utilize a low-cost, high impact strategy to access a physical system, stealing sensitive data from hotels and subsequently their guests' information."

The NCCIC is advising hospitality companies to, among other things, limit guest accounts to non-administrator accounts, so that attackers can't download and install malware, but Brian Krebs pointed out that this is not a solution for foiling today’s keyloggers and malware.

There is no foolproof way to protect systems from skilled attackers that have physical access to them, he says, so the onus is on the users to keep their data secure. For one, they should always assume that a computer that doesn't belong to them isn't secure, and should abstain from performing any action that could compromise their private and financial information, as well as account credentials.









Spotlight

The Software Assurance Marketplace: A response to a challenging problem

Posted on 20 October 2014.  |  The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has recognized how critical the state of software security is to the DHS mission.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //