Resort Front Desk – Gateway to Compromise?
The Network: A chain of vacation resorts with several locations in North America. The front desk is supposed to be the gateway to good times.
The Expectation: Prevention defenses are working (Anti-Virus, Next-Gen Firewall) and monitoring is in place to catch anything that slips through the prevention layer.
The Catch: Netsurion’s SOC analyst identified an unexpected connection to China during the graveyard shift, from a machine at the front desk at a resort location.
The Find: The system was targeted by malvertising. It was high season for the resort, so the front desk was staffed on the night shift to be responsive to guests. Even so, the person at the front desk was bored and was surfing the web. While they browsed, a website delivered malware via a third-party ad server. This malware was able to get past the anti-virus on the desktop and began executing. After an initial recon, it “phoned home,” as is often the case with first-stage dropper infections. This was especially dangerous because the front desk station is used to process credit cards during checkout, creating a potential PCI DSS compliance gap.
The Fix: Quarantine the infected front-desk machine; ideally re-image it before returning it to service. Review the internet access policies that apply to such endpoints: a reputable filtering DNS service would have denied the access. 24/7/365 SOC monitoring combines technology, processes, and cybersecurity expertise to detect and respond to evolving threats.
The Lesson: Stop relying exclusively on Anti-Virus and Next-Gen Firewall. Think defense in depth (Network Access Control, Endpoint Threat Detection). Monitoring DNS activity and network traffic is an excellent complementary technique.
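The kind of monitoring rule that surfaces this case, as an added example (not Netsurion's code and not taken from the incident): outbound connections from the card-processing front-desk segment are checked against an allowlist of expected destination countries and domains, and anything that escapes it during the graveyard shift is flagged with extra weight. The subnet, allowlists, shift window, log format and log lines are all constructed for the example.

```python
"""
Added example: flag outbound connections from card-processing
front-desk workstations that leave the expected destination set.
All subnets, hostnames, country codes and log lines are constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed: front-desk / card-processing workstations live in this subnet.
FRONT_DESK_NET = ip_network("10.20.30.0/24")
# Assumed: the resort's internal address space (PMS server, printers, etc.).
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
# Assumed: the only countries a front-desk machine is expected to reach.
ALLOWED_COUNTRIES = {"US", "CA"}
# Assumed: known-good destinations (property-management system, AV updates).
ALLOWED_DOMAINS = {"pms.example-resort.com", "updates.example-av.com"}
# Graveyard shift window in local time: 00:00 <= hour < 06:00.
GRAVEYARD = (0, 6)


@dataclass
class Alert:
    host: str
    dest: str
    country: str
    reasons: tuple


def parse_line(line):
    # Constructed format: "<iso-ts> <src-ip> -> <dst-ip> <dst-domain> <country>"
    ts, src, _arrow, dst, domain, country = line.split()
    return datetime.fromisoformat(ts), ip_address(src), ip_address(dst), domain, country


def in_graveyard(ts):
    return GRAVEYARD[0] <= ts.hour < GRAVEYARD[1]


def evaluate(line):
    """Return an Alert for a suspicious front-desk connection, else None."""
    ts, src, dst, domain, country = parse_line(line)
    if src not in FRONT_DESK_NET:
        return None  # other segments are out of scope for this rule
    if any(dst in net for net in INTERNAL_NETS):
        return None  # internal traffic is expected from the front desk
    reasons = []
    if country not in ALLOWED_COUNTRIES:
        reasons.append(f"unexpected-country:{country}")
    if domain not in ALLOWED_DOMAINS:
        reasons.append(f"domain-not-allowlisted:{domain}")
    if not reasons:
        return None
    if in_graveyard(ts):
        reasons.append("graveyard-shift")  # nobody should be browsing now
    return Alert(str(src), str(dst), country, tuple(reasons))


def scan(lines):
    return [a for a in (evaluate(line) for line in lines) if a]


# Constructed sample log lines (not from the incident described above).
SAMPLE_LOG = [
    "2024-07-14T02:13:05 10.20.30.15 -> 10.20.1.5 pms.example-resort.com US",
    "2024-07-14T02:14:40 10.20.30.15 -> 203.0.113.77 pms.example-resort.com US",
    "2024-07-14T02:41:12 10.20.30.15 -> 198.51.100.9 cdn.ads-example.net US",
    "2024-07-14T02:42:01 10.20.30.15 -> 192.0.2.201 unknown.invalid CN",
    "2024-07-14T14:05:00 10.20.30.15 -> 192.0.2.202 news.example.org DE",
    "2024-07-14T02:50:00 10.20.50.8 -> 192.0.2.203 unknown.invalid CN",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The rule deliberately keys on the segment rather than the user: a card-processing workstation has a small, knowable set of legitimate destinations, so an allowlist is tractable there even when it is not for the rest of the network. In production the country field would come from a GeoIP lookup and the allowlists from the property-management vendor's documentation; the same logic can be expressed as a filtering-DNS policy so that the request is blocked rather than merely logged.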