Guests who used business centers in American hotels may be at risk from gangs installing keylogger malware on the computers to steal banking and email passwords, according to a report by veteran security writer Brian Krebs.
The Department of Homeland Security and National Cybersecurity and Communications Integration Center (NCCIC) issued an advisory to hotel companies on July 10, warning that criminal groups may be targeting hotel business centers with keylogger malware, according to Help Net Security.
“In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,” the NCCIC said in its advisory.
Keylogger malware warning
Despite describing the attacks as “not sophisticated”, the attackers' keylogger malware had a high impact, the NCCIC warns: “The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”
The warning follows the arrest of suspects in Texas who had used keylogger malware to record the keystrokes of guests, and had successfully stolen details such as bank account passwords and email login credentials at several “major” hotel chains.
How to stay safe from keylogger malware
The advisory included steps for hotel chains to secure PCs in their business centers - including limiting guests to non-administrator accounts without the ability to install programs.
Help Net Security points out that much modern malware can install regardless of whether a user has administrator privileges - and advises hotel guests to refrain from entering sensitive information such as banking passwords whilst on PCs in hotel business centers.
Krebs points out that the fact that hotel business centers routinely allow users to plug in USB devices and CDs means that attackers can bypass many security measures.
Security Affairs offers a detailed list of the NCCIC’s recommendations for hotel chains - but concludes that the simplest solution is to avoid using any public computer for private affairs such as banking, warning “Cybercriminals are behind you.”