• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Current News   »   The hospitality industry: A magnet for hackers

The hospitality industry: A magnet for hackers

  • Posted on:May 18, 2015
  • Posted in:Current News, Cybercrime, Industry News, Vulnerabilities & Exploits
  • Posted by:
    Trend Micro
0

There are certain industries that offer cyber criminals more opportunity and payload than others. For example, organizations in sectors that constantly deal with sensitive customer information or financial data are more likely to be targeted by hackers than businesses in industries that do not.

Recently, the hospitality industry has become a considerable target for black hats, with an increasing number of attempted attacks and breaches reported in recent years. However, it's not just the hotel establishment itself that malicious actors are after – oftentimes hackers are vying for the payment and personal details of clients as well.

Let's take a look at some recent cyber criminal activity in the hospitality industry, as well as certain strategies businesses in this sector can adopt to better protect themselves.

Breach at the Hard Rock
The Hard Rock Hotel is one of the most well-known establishments across the industry, with locations in major cities in and outside of the U.S. At the beginning of May, the brand reported it had suffered a malware attack that might have enabled hackers to gain access to payment card information used at several of its locations.

Reuters reported that the attack was first discovered on April 3, and potentially affected customers' names, credit card numbers and CVV security codes. While the event is still being investigated, researchers don't believe other sensitive information was compromised during the breach. In addition, investigators found that the infection only impacted transactions that occurred between September 3, 2014 and April 2, 2015.

Although the Hard Rock works with a number of partnering organizations and retailers, some of which have their own boutiques and shops inside the company's hotel locations, the breach only compromised transactions at Hard Rock restaurants, bars and retail stores. This means hackers were unable to breach information related to transactions at the hotels, casinos, spas or other outside retail stores housed in the hotels.

This is by no means the first time a hotel has been breached by hackers in this manner, but it is the most recent event taking place this year. Earlier in 2015, the Mandarin Oriental Hotel Group also announced a breach, as did Marriott Hotels. These instances illustrate how attractive the hospitality industry has become to hackers recently. Establishments in this industry not only deal with considerable financial information, but the personal details of their clients as well, providing high-profile targets for hackers.

Malware infection: RawPOS
Similar to the recent rash of POS-based attacks in the retail industry, the hospitality sector has seen its share of POS malware infections as well. In late April, Trend Micro reported on RawPOS, an older sample that has been recently leveraged to infect and infiltrate casinos and resort hotels.

This sample initially appeared in late 2008, and a number of security advisories was issued that year and in 2009 in an attempt to warn businesses about this little-known threat. Even six years later, experts are still primarily in the dark about the malware. Since resurfacing in the hospitality industry this year – with victims including establishments in the U.S., Canada, Europe, the Middle East and Latin America – researchers are seeking more information about this threat and how to protect against it.

Currently, Trend Micro researchers know that RawPOS uses a modular design that enables hackers to configure its multi-stage scraper capabilities. The sample is also a considerable threat due to its support for several POS software programs.

"Since business establishments would have different POS software, attackers have modified RawPOS' code to support multiple POS software over time," Trend Micro threat analyst Jay Yaneza wrote.

While a threat like this is no doubt difficult to protect against, hotels and resorts can utilize endpoint monitoring security solutions to ensure that suspicious activity is discovered early on, and key employees that can mitigate the damage are notified.

Targeting hotel guests
Threats in the hospitality industry aren't siloed to the establishments themselves. Recently, Wired contributor Kim Zetter reported on a new approach being used by hackers to target high-profile hotel guests via Wi-Fi connections.

The attack works like this: A target checks into a hotel, where hackers already have a network presence, awaiting the arrival of this specific guest. The individual logs on to use the hotel's Wi-Fi connectivity services in his room, and is presented with a pop-up concerning a software upgrade available for one of his programs. He decides to download it, but little does he know that his software isn't being updated, and he has just granted permission to a malware sample.

Kaspersky Lab has been researching the group responsible for these types of attacks, which have mainly been centered in hotels in Asia, dubbing the black hat organization DarkHotel.

"[T]he attackers have been active for at least seven years, conducting surgical strikes against targeted guests at other luxury hotels in Asia as well as infecting victims via spear-phishing attacks and P2P networks," Zetter wrote.

Since the initial discovery of DarkHotel, researchers have found that the group is growing its attack vector to include an increasingly long list of hotels.

"Obviously, we're not dealing with an average actor," noted Costin Raiu, Kaspersky Labs' manager of the global research and analysis team. "This is a top-class threat actor."

Hotel guests can better protect themselves from these kinds of threats by exercising caution when using hotel Wi-Fi and other public links that are not as heavily protected. In addition, users should be wary of any suspicious pop-up or email messages, and avoid clicking links or attachments from unfamiliar senders. Guests should also be cautious about what activities they carry out on such a network. Waiting to use a more secure connection for tasks that require personal or financial information can reduce the chances of data theft. 

Hotels can do their part to better protect their guests as well. Using more staunch protections and activity monitoring can help prevent malicious actors from entering the network in the first place. Hotel managers can also add password protection to their network to block access to non-guests. This ensures that only those staying at the hotel with access to the password – which should consist of a mix of letters, numbers and special characters that is not easily guessable – can connect with the network.

Related posts:

  1. Hackers are hitting hotels hard
  2. Hackers are hitting hotels hard: Tips for travelers and operators
  3. Hotels taking steps to improve data protection, execs say
  4. Advancing threat protection through industry-leading research

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.