In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product.
If the user clicked to accept and
install the update, malicious software was installed on the laptop. The pop-up
window appeared to be offering a routine update to a legitimate software
product for which updates are frequently available.
Although specifically citing overseas hotels, the same type of intrusion can occur anywhere that someone connects to an unknown network.
Although specifically citing overseas hotels, the same type of intrusion can occur anywhere that someone connects to an unknown network.
Recent analysis from the FBI and
other government agencies demonstrates that malicious actors are targeting
travelers abroad through pop-up windows while they are establishing an Internet
connection in their hotel rooms.
The FBI recommends that all
government, private industry, and academic personnel who travel abroad take
extra caution before updating software products through their hotel Internet
connection. Checking the author or digital certificate of any prompted update
to see if it corresponds to the software vendor may reveal an attempted attack.
The FBI also recommends that
travelers perform software updates on laptops immediately before traveling, and
that they download software updates directly from the software vendor's website
if updates are necessary while abroad.
Anyone who believes they have been a
target of this type of attack should immediately contact their local FBI office.
No comments:
Post a Comment