The U.S. Secret Service, in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), has issued an advisory warning the hospitality industry of recently discovered malware found on hotel business center PCs.
The keystroke-logging malware was found to be capable of stealing personal, financial and corporate data that is then sent to hackers’ via email.
The advisory was issued on July 10, 2014, following an arrest in the Dallas/Fort Worth area after suspects successfully compromised several computers in various local hotel business centers.
“The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers,” the advisory stated.
The attacks did not involve exploiting browsers, operating systems, or other software and were found to require minimal technical skill.
The advisory also listed a number of basic recommendations to help secure the hotel’s public computers, including limiting guest accounts to non-administrator privileges that may not install or uninstall computer programs.
Security expert Brian Krebs commented in a blog post, “This is a good all-purpose recommendation, but it won’t foil today’s keyloggers and malware—much of which will happily install on a regular user account just as easily as on an administrative one.”
The hospitality industry continues to be a prime target for hackers, more so than other sectors. Just last week, a Houston hotel suffered a credit card breach affecting more than 10,000 hotel guests after a six-month payment processing system compromise.
Read More Here…