According to zdnet.com, hotels, restaurant chains, and related tourism services have been subject to a range of techniques when it comes to cybercrime; due to the compromise of Point-of-Sale (PoS) terminals to harvest guest data, phishing emails sent to staff which are designed to give attackers access to internal systems, and Man-in-The-Middle (MiTM) attacks through hotel public W-Fi hotspots being only some of the potential attack vectors.
“The data that the hospitality industry accepts, processes, and holds is valuable,” according to the article. “Guest Personally Identifiable Information (PII) and financial information can be used in spear-phishing schemes, sold on in bulk, or potentially used to create clone cards when strong encryption is not in place to protect payment data.”
It reports a growing list of threat actors that specialize in attacks against hotels and hospitality organizations, such as DarkHotel, and Kaspersky, which published research on a targeted campaign called RevengeHotels.
First spotted in 2015 but appearing to be most active this year, RevengeHotels has struck at least 20 hotels in quick succession. The threat actors focus on hotels, hostels, and hospitality & tourism companies with the majority of the campaign taking place in Brazil. Although infections have also been spotted in Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, and Turkey.
The threat group deploys a range of custom Trojans in order to steal guest credit card data from infected hotel systems as well as financial information sent from third-party booking websites such as Booking.com.
The attack chain begins with a phishing email sent to a hospitality organization. Professionally-written and making use of domain typo-squatting to appear legitimate, the researchers say the messages are detailed and generally impersonate real companies.
Click here to read the full ZDNet article.