Connect with us

Featured

Hackers target hotels

Published

on

Kaspersky’s research of the RevengeHotels campaign aimed at the hospitality sector, has confirmed over 20 hotels in Latin America, Europe and Asia have fallen victim to targeted malware attacks. Even more hotels are potentially affected across the globe. Travelers’ credit card data, which is stored in a hotel administration system, including those received from online travel agencies (OTAs), is at risk of being stolen and sold to criminals worldwide.

RevengeHotels is a campaign that includes different groups using traditional Remote Access Trojans (RATs) to infect businesses in the hospitality sector. The campaign has been active since 2015 but has gone on to increase its presence in 2019. At least two groups, RevengeHotels and ProCC, were identified to be part of the campaign, however more cybercriminal groups are potentially involved.

The main attack vector in this campaign is emails with crafted malicious Word, Excel or PDF documents attached. Some of them exploit CVE-2017-0199, loading it using VBS and PowerShell scripts and then installing customised versions of various RATs and other custom malware, such as ProCC, on the victim’s machine that could later execute commands and set up remote access to the infected systems.

Each spear-phishing email was crafted with special attention to detail and usually impersonating real people from legitimate organisations making a fake booking request for a large group of people. It is worth noting that even careful users could be tricked to open and download attachments from such emails as they include an abundance of details (for instance, copies of legal documents and reasons for booking at the hotel) and looked convincing. The only detail that would reveal the attacker would be a typosquatting domain of the organisation.

phishing email sent to a hotel impersonating a booking request from an attorney’s office

Once infected, the computer could be accessed remotely not just by the cybercriminal group itself — evidence collected by Kaspersky researchers shows that remote access to hospitality desks and the data they contain is sold on criminal forums on a subscription basis. Malware collected data from hospitality desk clipboards, printer spoolers and captured screenshots (this function was triggered using specific words in English or Portuguese). Because hotel personnel often copied clients’ credit card data from OTA’s in order to charge them, that data could also be compromised.

Kaspersky telemetry confirmed targets in Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey. However, based on data extracted from Bit.ly, a popular link shortening service used by the attackers to spread malicious links, Kaspersky researchers assume that users from many other countries have at least accessed the malicious link – suggesting that the number of countries with potential victims could be higher.

“As users grow wary of how protected their data truly is, cybercriminals turn to small businesses, which are often not very well protected from cyberattacks and possess a concentration of personal data. Hoteliers and other small businesses dealing with customer data need to be more cautious and apply professional security solutions to avoid data leaks that could potentially not only affect customers, but also damage hotel reputations as well,” comments Dmitry Bestuzhev, Head of Global Research and Analysis Team, LatAm.

To stay safe, travelers are recommended to:

  • Use a virtual payment card for reservations made via OTAs, as these cards normally expire after a single charge
  • When paying for a reservation or checking out at hotel desks, use a virtual wallet, such as Apple Pay or Google Pay, or a secondary credit card with a limited amount of debit available

Hotel owners and management are also advised to follow these steps to secure customer data:

  • Conduct risk assessments of the existing network and implement regulations regarding how customers data is handled
  • Use a reliable security solution with web protection and application control functionality, such as Kaspersky Endpoint Security for Business. Web protection helps to block access to phishing and malicious websites while application control (in white list mode) allows to make sure that no application except the white listed ones can run on hospitality desk computers.
  • Introduce staff security awareness training to teach employees how to spot spear-phishing attempts and show the importance of remaining vigilant when working with incoming emails.

Read the full report, RevengeHotels: cybercrime targeting hotel desks worldwide, on Securelist.

Featured

Security issues grow with transition to smart TVs

Published

on

You can’t picture a modern home without smart equipment. Smart thermostats, smart refrigerators, robot vacuums, and smart TVs won’t surprise anyone these days. For example, around 70% of the TVs being sold worldwide are smart TVs. Although they bring more entertainment, these devices also carry new digital threats. 

Sometimes people forget that smart TVs are as vulnerable to cybercrime as their smartphones and computers. Daniel Markuson, the digital privacy expert at NordVPN, says that “although smart TVs are connected to the internet and have similar functions to computers, they aren’t equipped with the same security tools, which makes them easy prey for hackers.” 

What’s so scary about your TV getting hacked? As smart TVs gain more features, the amount of your private information they handle increases too. TVs aren’t just for watching movies and shows anymore. Now you can use them for web browsing, streaming video content, gaming, and even shopping online. 

To enjoy your smart TV to the fullest, you need to download various apps and games. These cost money, so you need your credit card details filled in. Putting your financial information, logins, and passwords on your TV makes it an appealing target for hacking. 

According to Daniel Markuson, a smart TV can be used to spy on its users. Hackers can access its camera and microphone through malware, which they can slip into your TV when it is connected to Wi-Fi. They can use footage from your bedroom or living room to blackmail you and your family. By watching your home and listening to your conversations, hackers know what goods you have, where you keep them when you’re away, and what your plans are. 

If you use your smart TV for web browsing, you can infect it with various viruses too, says the digital privacy expert at NordVPN. Like computers, smart TVs run on software, but they don’t have the same strong antivirus and firewall systems installed. Once your TV gets infected, your browsing history, passwords, and other private data become accessible to hackers. And they won’t miss the opportunity to use this information in ransomware attacks. 

Even though smart TVs are vulnerable to cyber threats, Daniel Markuson says there is no need to panic yet. The expert names a few simple principles every smart TV owner should follow to protect their device.

Always update your TV’s software whenever a new version becomes available. The expert says that software updates are crucial for cybersecurity as manufacturers do their best to patch vulnerabilities. Updates often repair security flaws, fix or remove various bugs, add new features, and improve the existing ones. Some TVs install updates automatically by default. With others, you may need to check for updates periodically to make sure your device runs on the latest version. 

Use available security measures such as a VPN. The best practice for any internet-connected device is to install a firewall and use a VPN such as NordVPN. It secures your device and lets you enjoy fast internet access with encryption-powered privacy.

Connect your smart TV to the internet only when needed. It isn’t necessary to have your TV connected to Wi-Fi all the time. To make it less vulnerable to hacker attacks, turn on the Wi-Fi connection only when you are using it.

Download apps from official stores only. Do not install any programs and games from unofficial sources on your smart TV. Make sure that both the app and its provider are reliable. Moreover, if an application asks for access to your data, camera, or microphone that isn’t necessary for its operation, never accept it.

Be careful with personal files and financial data. Shopping online on a big smart TV screen might be fun, but be careful providing your credit card details and other sensitive information this way. Although some manufacturers equip their TV sets with security features, they cannot guarantee safety online. “People who synchronize their smart TVs with their computers to access compatible media content should be especially cautious,” warns Daniel Markuson. The connection between your smart TV and your computer can be a weak link and lead to a data breach.

Use strong Wi-Fi passwords. This practice is the most obvious and the easiest to follow. Create a strong password to protect your Wi-Fi connection at home and don’t share it with any outsiders.

Turn off your TV camera when not in use. Whether it’s a built-in camera or the one connected to a TV via Wi-Fi, turn it off when not using it. If you can’t turn off your camera, use a piece of tape or a sticker over the camera lens to cover it. 

Continue Reading

Featured

Tech too complex? It stresses out even the tech-savvy

Published

on

Picture by hobvias sudoneighm on Flickr.

Even the savviest members of the tech industry get stressed by common devices that power their everyday lives, according to a recent poll conducted at CES 2020 by Asurion, the global leader in helping people connect, protect and enjoy their tech.

Survey screen by Asurion at CES 2020.

Asurion surveyed nearly 1,400 attendees of CES 2020, the world’s largest and most influential tech industry event, about their relationship with personal tech and their role as tech expert for family and friends. What the tech care company found is that even the tech-savvy, tech DIY’ers and early adopters stress out over some of the most ordinary devices in our hands and homes.

So, what tech tops the list of devices that stress out some of the consumer electronics industry’s tech enthusiasts?

  • Mesh routers and Wi-Fi networks (33%)
  • Phones (26%)
  • Smart home security systems (23%)

And, the tech-related activities that even the tech-savvy dread the most?

  • Troubleshooting a device that worked perfectly yesterday (39%)
  • Device security (27%)
  • Setting up devices (nearly 27%)

Asurion helps nearly 300 million customers worldwide unlock the potential of their tech with a team of over 10,000 Experts who are just a call, click or tap away. The company’s Experts provide ongoing tech support, same-day device repair, and same-day delivery and setup services. They’ll meet customers virtually, in-home, at select partner stores, and in more than 540 uBreakiFix stores across the country or wherever it’s convenient.

“The tech industry just spent four amazing days experiencing and celebrating the latest innovations in the future of tech,” said Teresa May, Senior Vice President and Chief Marketing Officer at Asurion. “What we heard is that even common tech tasks and devices can be challenging. Every day, our Experts help people across the country with their devices – everything from setting up a new phone to troubleshooting streaming issues on their smart TVs. Our CES poll reveals that the industry’s top tech innovators share the same pain points affecting millions of Americans.”

Asurion’s Experts received more than 18.5 million calls and chats from customers seeking tech help last year. And while the No. 1 question this holiday was a strong “How do I activate my new phone?” Asurion Experts also received many questions ranging from “How do I connect to Wi-Fi?” to “Can I sync my smart speakers to play them in tandem?”

And while the tech industry may have tech challenges of their own, they also get tapped by family and friends for help. Eight out of 10 attendees surveyed said their family and friends rely on them to help set up and troubleshoot their tech. Nearly two-thirds (63%) said they hesitate to gift tech to their loved ones because the recipient won’t know how to use it, and nearly half (46%) gave pause to gifting tech to family and friends because they didn’t want to be the one to help set it up.

Asurion CES Tech Poll

Consumer Tech Devices That Stress CES Attendees Out the Most

1. Mesh Routers and Wi-Fi Networks (33%)
2. Phones (26%)
3. Smart Home Security Systems (23%)
4. Smart Home Assistants/Hubs (20%)
5. Bluetooth Printers (19%)
6. Smart Home Automation (19%)
7. Laptops/Tablets (18%)
8. Smart TVs (17%)
9. Smart Appliances (14%)
10. Home Energy, Lighting and Switches (13%)

Tech Activities That Stress Out CES Attendees the Most

1. Troubleshooting Tech That Worked Perfectly Yesterday (39%)
2. Security (27%)
3. Setting up a Device (27%)
4. Privacy (23%)
5. Helping Others With Their Tech (20%)
6. Managing or Connecting Multiple Devices (19%)
7. Wi-Fi Connectivity (19%)
8. Paying for Personal Data Storage (18%)
9. Learning a New Operating System (17%)
10. Choosing Which Brand To Purchase (17%)

To learn more about where you can get tech support and protection, visit Asurion.com.

Continue Reading

Trending

Copyright © 2019 World Wide Worx