Friday, July 25, 2014
Hotel PCs can be infected with Keylogger Malware - ESET Warns Hotel Business Centers and Customers.
ESET, a global anti-virus, internet security and other proactive protection protection releases an alert to hotel business centers on keylogger malware .The keylogger malware steals banking and email passwords of the guests. Cyber criminals install keylogger malware on the computers and steal large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center's computers. According to Help Net Security, The Department of Homeland Security and National Cyber security and Communications Integration Center (NCCIC) , United States issued an advisory to hotel companies on July 10, warning that criminal groups may be targeting hotel business centers with keylogger malware. This is what the NCCIC said in its advisory,
"In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,"
Keylogger malware warningDespite describing the attacks as "not sophisticated", the attackers' keylogger malware had a high impact, the NCCIC warns:
"The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center's computers."The warning follows the arrest of suspects in Texas who had used keylogger malware to record the keystrokes of guests, and had successfully stolen details such as bank account passwords and email login credentials at several "major" hotel chains.
Tips for hotel chains to secure PCs in their business centers from Keylogger malware
- Create Non-administrator accounts for Guests. So that they have very basic privileges, and don't have the ability to install programs, download, and use external USB storages and CDs.
- Help Net Security (HNS) points out that much modern malware can install regardless of whether a user has administrator privileges . Thus it advises hotel guests to refrain from entering sensitive information such as banking passwords whilst on PCs in hotel business centers.
- The usual practice of hotel business centers routinely allowing users to plug in USB devices and CDs means that attackers can bypass many security measures.
- Security Affairs offers a detailed list of the NCCIC's recommendations for hotel chains - but concludes that the simplest solution is to avoid using any public computer for private affairs such as banking, warning "Cyber Criminals are behind you."
- For more details on Keylogger Malwares, Click Here