By “Amer Owaida”, Security Writer at ESET
With the COVID-19 pandemic forcing an increasing number of companies to shift to remote work, some employees working from home have been struggling to find a quiet environment for work. The hospitality industry has also been impacted by the pandemic, with more and more hotels across the United States and around the world offering their empty rooms as daytime makeshift offices for remote workers seeking to work in a distraction-free place.
Taking note of the trend, the FBI’s Internet Crime Complaint Center (IC3) has issued an announcement warning about the risks of using hotel Wi-Fi networks to access sensitive and work-related information. “Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests,” the Bureau warned.
Hotel guests connected to Wi-Fi networks can be easy targets for cybercriminals, who can launch a variety of attacks to target their victims. This includes infiltrating a poorly secured network to monitor the victims’ traffic and redirect them to fraudulent login pages. Another threat is posed by “evil twin” attacks, wherein the attacker creates a malicious Wi-Fi network that carries a similar name to the hotel’s network in order to dupe unsuspecting guests into connecting to it and providing the black hats with direct access to the devices.
A threat actor could also compromise the employee’s company-issued devices in order to gain access to sensitive data stored on the device or to infiltrate the company’s network. This could allow the hacker to comb through the company’s systems in search of proprietary information, as well as implant malware such as keyloggers or ransomware that could then propagate to other devices connected to the network.
“Cybercriminals can use information gathered from access to company data to trick business executives into transferring company funds to the criminal,” added the FBI when highlighting the threat of Business Email Compromise (BEC) scams, also known as CEO fraud.
Remote workers who are considering making the leap to working from a hotel would do well to ponder additional risks beyond their control, such as the hotel’s approach to cybersecurity or how it handles its network infrastructure. The hotel-turned-office may be using outdated networking equipment that could be riddled with vulnerabilities or it may not update and patch its systems often enough, any of which could provide avenues for attacks.
However, if working from a hotel room remains an attractive option, there are steps that employees can take to protect their devices and mitigate the chances of falling prey to cybercriminals while working on a public hotel Wi-Fi.