Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 31 May, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Hotel users warned about malware on public computers

by The Gurus
July 14, 2014
in Editor's News
Share on FacebookShare on Twitter

Hotel guests in the US have been warned about computers that are made available to guests in hotel business centres, which may be infected with keylogging malware.
 
Advisories have been issued by the US Secret Service to the hospitality industry after arrests were made of suspects who compromised computers within several major hotel business centres in the Dallas/Fort Worth areas, according to Brian Krebs.
 
“The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts,” the warning said.
 
“The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business centre’s computers.”
 
It warned that in some cases, the suspects used stolen credit cards to register as guests of the hotels and would access publicly available computers in the hotel business centre, log into their webmail accounts and execute malicious key logging software.
 
Jason Steer, director of technology strategy at FireEye, told IT Security Guru that this has been happening for years, and computers at airports and in hotels are “rife for crimeware”.
 
He said: “I was researching this six or seven years ago, where a Trojan harvested credentials from stock trading platforms. It harvested the details and sent them to the attacker who used them to move money out of accounts. “Users should be warned not to put anything sensitive on a computer that they do not trust.”
 
The advisory lists several basic recommendations for hotels to help secure public computers, such as limiting guest accounts to non-administrator accounts that do not have the ability to install or uninstall programs. This is a good all-purpose recommendation, but it won’t foil today’s keyloggers and malware — much of which will happily install on a regular user account just as easily as on an administrative one.
 
Brian Honan, CEO of BH Consulting, told IT Security Guru that he was surprised to see this article as it doesn’t propose anything ground breaking, or even a new threat. “Many information security professionals are fully aware of the threats posed by public Internet kiosks/PCs be they at hotels, conferences, or internet cafes. If you do not own the machine then you cannot fully trust it,” he said.
 
“Using public wifi, be that in a hotel or elsewhere, is also a risky proposition as you have no idea who else is on the same network and who could be monitoring or manipulating your traffic. Individuals should always employ a VPN when accessing systems over the internet. Where possible, two-factor authentication should be employed to help reduce the risk of key accounts becoming compromised.”
 
Toyin Adelakun, vice president at Sestus, said: “For end-users, the key take-away is, and has long been, to treat business-centre PCs and networks as hostile. Presume that they are malware-ridden and bug-infested, and always sniffing for your passwords and other personally-identifiable information (PII).
 
“If you had to use them, accord them a respectful suspicion, and do not use them to log onto any service that needs your private passwords. That means any service, such as email, social media, internet banking and online retail. Oh, and by the
way, it’s not just hotel business centres — it’s any business centre, computer showroom, internet café or airport lounge.”

FacebookTweetLinkedIn
Tags: KeyloggerMalware
ShareTweet
Previous Post

LastPass confirms flaws have been patched

Next Post

Brazilian users hit by "largest cyber crime heist in history"

Recent News

Purple spiral circle. Text reads "Centripetal", san-serif.

Centripetal Extends Innovative CleanINTERNET® Technology to the Cloud

May 31, 2023
SnapDragon Monitoring scam advice

Tips to Protect Against Holiday and Airline Scams

May 25, 2023
Access Segmentation & Encryption Management from MyCena

New security model launched to eliminate 95% of cyber breaches

May 25, 2023
KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool

KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool

May 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information