Major companies are acting like Equifax breach didn’t happen.
Cybercriminals from certain countries are having a particular focus on breaching organizations operating in the travel sector.
Hotels, airlines, cruises, and travel sites are being constantly under attack by hackers who are using fake or stolen account details to access legit accounts.
But now hackers have been using stolen or leaked account details to attempt to log into accounts, using botnets in order to deliver attacks at industrial scale.
Between November 2017 and March 2018, 650 million malicious attempts came from Russia and 625 million came from China.
In order to stay away from any threats like this, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
For now, researchers can’t be sure why hackers from Russia and China are being so prone to wanting to hijack accounts from the hospitality sector. One likely explanation is that hotels and travel sites would be lucrative for organized crime gangs, by their nature, companies in the hospitality sector usually store a lot of personal and valuable information.
The hospitality industry represents a big apple from Russia and China because it can potentially deliver big rewards like fraudulent bank transfers or other types of fraud.
Researchers had analyzed nearly 112 billion bot requests and 3.9 billion malicious login attempts that targeted sites in the industry of airlines, cruise lines, and hotels; In 40 percent of the time, cyber attacks were made by bots known as impersonators of known browsers.
Keep in mind that, hotels have everything from guest credit card data through to identity documentation of that guest, which both are extremely valuable to hackers that want to commit cyber-fraud.
Besides being full of personal information which can be used to commit fraud or even make purchases, a lot of hotel websites also offer users incentives and point-based reward systems which can be abused too, because they are profitable and hard to track when compromised.
The number of credential abuse attacks is skyrocketing every day, cybercriminal forums and underground marketplaces are full of stolen and leaked login information including usernames and passwords – often sold at a very low price.
If you combine that with login credential re-use across multiple websites, it’s easy to understand how accounts count for big illicit profit schemes.
So it’s a must for every company working in the hospitality industry to implement a serious cybersecurity solution for their data protection strategy.
Hotels, in general, will remain for a long time a popular target for hackers, because travelers will be less concerning about connecting to wi-fi hotspots when staying at a destination. Let’s not forget that some espionage hacker groups have even used this knowledge in order to conduct phishing attacks for delivering malware to high profile targets.
We would continue to monitor those cyber threats. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.