This site uses cookies, tokens, and other third party scripts to recognize visitors of our sites and services, remember your settings and privacy choices, and — depending on your settings and privacy choices — enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

By continuing to use our site or clicking Agree, you agree that CBS and our key partners may collect data and use cookies for personalized ads and other purposes, as described more fully in our privacy policy. You can change your settings at any time by clicking Manage Settings.

Aaron Robinson/CNET

Yet another reminder about the dangers of using public Wi-Fi, security consulting firm FireEye reports that it's uncovered a phishing-based cyberattack aimed at people staying at hotels in Europe and the Middle East. 

The attack uses a combination of an old standby -- an infected document -- and the latest tools, including Wi-Fi sniffing and the Microsoft SMB exploit EternalBlue (made famous by WannaCry). According to FireEye, Russian-based APT28 hackers have deployed attempts to collect passwords sent over the network. That's one of the groups associated with the DNC attack during the 2016 US election cycle. However, FireEye hasn't yet found any examples of stolen credentials in the locations where it says this specific attack has occurred.

When a user opens the infected document, it runs a macro that deploys code which infiltrates the hotel's network. It then spreads across networks via EternalBlue and spoofs pages the user brings up to collect usernames and passwords. 

The process is more complicated than that, of course. You can get more detail from our sister size ZDNET's coverage, and yet more detail from the FireEye report.

See comments


DIY Tech
How to tips and tricks for getting the most out of all your tech delivered to your inbox.
More From Security
More From CNET