The Darkhotel cyber threat highlights the need for corporations to take regular TSCM sweeps seriously.

Darkhotel, so named by Kaspersky Labs, is a malware campaign that has been operating since at least 2009, targeting executives staying at hotels, especially in Asia.

A key finding of Kaspersky's research is that the Darkhotel group often knew a target's room number, full name, and length of stay before the target arrived. This indicates that the perpetrators had carried out extensive intelligence gathering and surveillance of their intended targets prior to travel. In this light, TSCM sweeps become much more significant in the fight against cyber attacks and in the protection of information assets.

Kaspersky explains how the Darkhotel malware works:

[The hackers] wait until, after check-in, the victim connects to the hotel Wi-Fi network, submitting his room number and surname at the log-in. The attackers see him in the compromised network and trick him into downloading and installing a backdoor that pretends to be an update for legitimate software – Google Toolbar, Adobe Flash or Windows Messenger. The unsuspecting executive downloads this hotel “welcome package,” only to infect his machine with a backdoor – Darkhotel’s spying software.

Executive itineraries should be protected and kept confidential.

Be sure to have regular counter-surveillance sweeps performed for your executive offices, especially when any travel plans are scheduled. As with cyber threats, enemies planning physical attacks on your personnel will also have made use of surveillance prior to an attack. The personal plans and itineraries of executives are types of information that you can't afford to lose control of.

Recent news articles on the Darkhotel threat can be found at CNBC, CNET, and Wired.