Russia-based hacking organization APT28 is believed to be behind a new campaign targeting the hospitality sector, specifically travelers to hotels in Europe and the Middle East, according to cybersecurity company FireEye.
FireEye said it uncovered a malicious document sent in spear phishing emails to multiple companies in the hospitality industry. Successful execution of the macro within the malicious document results in the installation of APT28’s signature GAMEFISH malware.
The incident has a unique spin – APT28 is "leveraging less secure hotel Wi-Fi networks to steal credentials and a NetBIOS Name Service poisoning utility to escalate privileges," reports FireEye. Upon gaining access to the machines connected to corporate and guest Wi-Fi networks, the group can eventually compromise credentials, FireEye explained.
Hotels are an easy target for hackers because they tend to lack advanced security measures and hold huge amounts of personal data and credit card information.
Add to that the fact that groups like APT28 spend untold amounts of time and money figuring out how to outsmart the best cybersecurity systems, and you have a dangerous combination. In July, Trump International Hotels Management confirmed it was the victim of the third data breach involving the hotel chain since May 2015.
Companies that employ workers who travel frequently may want to warn those employees against using public Wi-Fi networks while traveling. Cyber criminals who breach employee accounts could conceivably find their way into the corporate network as well. Experts suggest people avoid using public Wi-Fi without a VPN when possible, and especially avoid using it to share sensitive data.