The US Secret Service has warned users of hotel business centers that public PCs may be targeted by hackers, with the intent on stealing personal and business information.
An advisory posted by the service, in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC) warned that the hospitality sector, notably hotels, is particularly vulnerable to attackers intent on pilfering sensitive information.
A joint-notice was issued by the two agencies after arrests were made in the Dallas and Forth Worth, Texas areas, of suspects who were able to compromise computers in several major hotel chains, according to security expert Brian Krebs.
To wit, the notice read:
"The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts...
...The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center's computers."
The notice warned that the attacks were "not sophisticated" and required "little technical skill," and did not involve exploiting browsers, operating systems, or other software.
Long are the days where financial data was the be-all and end-all. Hackers are not always intent on skimming credit cards for bank data — though, it's a short-term reward. Malicious actors who target hotel business centers are more interested in corporate data.
While keyloggers may send many minds back to the early-2000s, they still exist in a number of shapes and forms. According to Krebs, the good-intentioned advice of the notice, such as restricting a user's login to a non-administrator's account may not foil today's advanced keylogger malware.
That said, a number of operating systems now — notably Windows 7 and above, which are still in regular use in hotel lobbies and business centers — come with clean-slate functionality, to allow administrators to wipe clean machines and restore a saved state at any time.
Some versions of Linux already feature a no-save state, which prevents any data from being written to the disk — meaning users can browse the Web and leave nothing installed on the machine, foiling the advances of any repeat-offending malware.