A hacking group appears to have targeted government and business leaders taking summer holidays, through a hacking campaign focused on hotels in Europe and the Middle East, FireEye reports.
The security company said that is has discovered a campaign that targeted hotels in Europe and the Middle East, that appears to be an attempt to compromise hotel's guest WiFi networks in order to spy on holiday makers.
FireEye said that the campaign seems to be the work of the APT28 hacking group, which it believes is a state-sponsored group run by a Russian intelligence agency.
APT28, AKA Fancy Bear, has previously attacked government targets in Europe and the US. The latest campaign against the hospitality sector appears to have started in the Autumn last year.
FireEye uncovered a malicious document that was used to target multiple companies in the hospitality industry including hotels in at least seven European countries and one Middle Eastern country. APT28 is using targeting techniques such as sniffing passwords from Wi-Fi traffic and by poisoning the NetBIOS Name Service and spreading laterally via the ETERNALBLUE exploit, vulnerability in Microsoft's Windows operating systems.
The security company said that the activity appears to be geared towards collecting information from guests, through hotel's WiFi networks. Credentials could be stolen from compromised networks either remotely or by an attack PC on the same WiFi network.
"The last thing holidaymakers want to think about on their vacation is falling victim to a cyber-attack, but unfortunately our analysis shows that they are being targeted. The hospitality industry may not be one that immediately comes to mind when talking about cyber security attacks, but this just goes to show that all businesses need to have effective defenses in place. This is especially true in regions like the GCC where tourism is an important part of the economy," said Mohammed Abukhater, Regional Director, Middle East and Africa, FireEye.
(c) 2017 ITP Business Publishing Ltd. All Rights Reserved. Provided by SyndiGate Media Inc. (Syndigate.info)., source Middle East & North African Newspapers