Hotel business centers are a threat to your cyber security

A recent advisory issued by the Secret Service warns about cybercriminals infecting hotel business center PCs with keylogging malware.

The hospitality industry is an easy target, and all property managers and owners should inspect the computers that are available to hotel guests in their business centers. There hackers compromise the publicly available PCs with keylogging malware to steal personal and financial data.

The Department of Homeland Security/Secret Service advisory was issued on July 10, 2014. This was a non-public advisory distributed to the hospitality industry,  warning that a task force in Texas recently arrested suspects who successfully infected computers at several hotel business centers in Dallas/Fort Worth.

“In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,” and …

“The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts,” the warning continues. “The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”

The advisory suggests limiting guest accounts to the type that does not have the clearance to install programs. But, while the suggestion has some merit, it is not enough spoil malware, since these programs can be installed through a user account as easily as through and account with administrative access.

See an excellent article by Brian Krebs here: