A new advanced persistent threat (APT), known as DarkHotel, is now targeting C-level executives of major businesses. Instead of trying to compromise governments to steal state secrets, Dark Hotel is cleverly engineered to conduct corporate espionage, likely for a foreign state-sponsored group, utilizing poor wireless hotel security - a rather clever technique for when business leaders are staying in hotels.
Utilizing Flash zero-day exploits and using spear-phishing to compromise users, DarkHotel has been found to steal and re-use digital certificates that inject malicious code. The attacks have taken aim at business visitors in the United States, Japan, South Korea, India, mainland China, Russia, Germany, Hong Kong and Ireland.
"Just think about the playing field IT security professionals have to deal with, and why they need all the help they can get," said Joe Caruso, Global Digital Forensics (GDC) CEO and CTO. "There are mobile devices like smartphones and tablets being used more than ever before, all with seemingly endless choices of software and applications, and all providing a potential threat vector for cross-platform intrusions and attacks."