Friday, July 11, 2014

Keylogger Malware Found in Hotel Business Centers

The NCCIC and the USSS North Texas Electronic Crimes Task Force recommend that hotel managers, owners and other hospitality industry stakeholders consider the following.

Contacting your network administrator to request that:
• A banner be displayed to users when logging onto business center computers; this should include warnings that highlight the risks of using publicly accessible machines.

• Individual unique log on credentials be generated for access to both business center computers and Wi-Fi; this may deter individuals who are not guests from logging in.
• All accounts be given least privilege accesses; for example, guests logging in with the supplied user ID and password should not be able to download, install, uninstall, or save files whereas one authorized employee may have a need for those privileges to carry out daily duties. 

• Virtual local area networks (VLANs) are made available for all users, which will inhibit attackers from using their computer to imitate the hotel’s main server.
• All new devices are scanned (e.g. USB drives and other removable media) before they are attached to the computer and network; disabling the Auto run feature will also prevent removable media from opening automatically.
• Predetermined time limits are established for active and non-active guest and employee sessions.
• Safe defaults are selected in the browsers available on the business center desktops (e.g. Internet Explorer, Mozilla Firefox). Options such as private browsing and ‘do not track’ for passwords and websites are some of the many available.

Any questions regarding this advisory can be directed to the United States Secret Service North Texas Electronic Crimes Task Force at (972) 868-3200