Old Hackers Bring New Tricks

DarkHotel Hackers Find New Ways to Trick Users

According to BleepingComputer, an old hacking group dubbed DarkHotel is back with a few new tricks up its sleeve. The group first began targeting high-level executives in 2011. The cyber criminals would wait for these individuals to connect to a hotel’s WiFi and trick them into downloading a malicious “update” to a well-known program, such as Adobe. Once the victims downloaded the update, the hackers would steal information from their laptop and use it to compromise the company.

DarkHotel has been on hiatus for a few years, but new evidence suggests they’re back with a new attack approach. Instead of attempting malicious “update” attacks targeted at company executives, the group is now targeting political officials with spear-phishing emails. Each email contains a malicious executable file. When the file is clicked, a document opens with a list of email addresses for various organizations located in North Korea. The document is merely a decoy for the backdoor that is being left open for the hackers to gain access to additional information.

Not a New Approach

Although this is a new approach for the DarkHotel group, several other hacking entities have been targeting individuals with malicious emails for years. Over the years, phishing scams have been a highly successful attack method for cyber criminals. According to KnowBe4, Cisco released a report stating that over the last three years, phishing scams have grossed revenues of $5.3 billion. That’s nothing to shake a stick at. Ransomware, which has been a hot topic lately, has “only” grossed $1 billion in the last three years.

Tips to Stay Safe

It is important that all individuals are aware of the cyber threats they face on a daily basis. Although ransomware has become a trending topic, it is not the only threat users face. To avoid being the next victim, PC Matic recommends users take the following steps:

  1. Complete a cyber security training course.  The more users know about today’s threats, the less likely they are to be the next victim.
  2. Ensure operating systems are up to date. New updates come out frequently for operating systems. Confirming that systems have been updated lets users know all known security vulnerabilities have been patched.
  3. Update all programs.  This means everything that is being used — programs for company use, recreational use, and security solutions.  Leaving your programs outdated is essentially leaving a backdoor open for hackers.  Don’t do it.
  4. Implement a security solution that uses application whitelisting as its primary method of malware detection. If users were running PC Matic, and the DarkHotel group attempted to run the malicious executable file, it would not work. This is because the malicious file would be categorized as “unknown”. With application whitelisting, unknown files are blocked from executing until they can be tested and proven safe. In this example, testing would be done and the file would be found to be malicious. Therefore, it would not be allowed to run.
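
The default-deny logic described in step 4 can be illustrated with a short Python example. This is an added example, not PC Matic's code: the class, file names and sample bytes are hypothetical and constructed, and it assumes files are identified by the SHA-256 hash of their content.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK_UNKNOWN = "block: unknown, held for analysis"
    BLOCK_MALICIOUS = "block: analysed and found malicious"


class AllowlistPolicy:
    """Default-deny execution policy keyed on SHA-256 of file content."""

    def __init__(self, trusted):
        self.trusted = set(trusted)   # digests proven safe
        self.malicious = set()        # digests proven malicious
        self.pending = {}             # digest -> name it was first seen under

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def evaluate(self, name: str, content: bytes) -> Verdict:
        d = self.digest(content)
        if d in self.malicious:
            return Verdict.BLOCK_MALICIOUS
        if d in self.trusted:
            return Verdict.ALLOW
        # Anything not explicitly trusted is denied; the name is only recorded.
        self.pending.setdefault(d, name)
        return Verdict.BLOCK_UNKNOWN

    def record_analysis(self, d: str, is_safe: bool) -> None:
        """Move a pending digest to trusted or malicious after testing."""
        self.pending.pop(d, None)
        (self.trusted if is_safe else self.malicious).add(d)


# Constructed sample bytes standing in for real file contents.
TRUSTED_EDITOR = b"constructed: bytes of an approved editor binary"
ATTACHMENT = b"constructed: bytes of the e-mailed executable"

if __name__ == "__main__":
    policy = AllowlistPolicy({AllowlistPolicy.digest(TRUSTED_EDITOR)})
    print(policy.evaluate("editor.exe", TRUSTED_EDITOR))
    print(policy.evaluate("contact_list.doc.exe", ATTACHMENT))
    # Reusing a trusted file name does not change the content hash.
    print(policy.evaluate("editor.exe", ATTACHMENT))
    policy.record_analysis(AllowlistPolicy.digest(ATTACHMENT), is_safe=False)
    print(policy.evaluate("contact_list.doc.exe", ATTACHMENT))
```

Because the decision is made on the content hash, the decoy document name or a borrowed trusted file name has no effect on the verdict.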


2 thoughts on “Old Hackers Bring New Tricks”

  1. Nice article!

    But, please fix a minor grammatical error in the article. The section that reads “attacks targeted towards company executes” should really read “attacks targeted towards company executives”.


  2. While agreeing with the value of white lists over black lists, I cannot agree with the suggestion that one should always run the latest version of everything. In fact, I have not yet found a cogent defence of this splatter-gun approach. If the hacker can actually reach your platform – your security has failed. Therefore I attach far more importance to having a truly effective firewall, in combination with a strict ‘no click’ on every email attachment / unsolicited web page presentation. Simply updating all software (often having to endure the incompatibilities that this results in – cf Windows10) is nothing more than running to keep still. A safe cyber defence policy demands a more fundamental approach than simply updating software all the time. Oh, and did I mention the importance of backups, onto devices not attached physically to one’s platform? This is part of a fundamental approach to cyber security.
