A new report reveals an industry under siege by highly competent adversaries leveraging a range of aggressive tactics and tools.
This story first appeared on HR Leader sister brand Cyber Daily.
Hackers are increasingly deploying a wide variety of advanced tactics to breach the networks of hospitality vendors, causing business disruption and compromising guests, according to new research from cyber security firm Trustwave.
The activities of these cyber criminals effectively mirror industry best practice but for illicit gain. They share knowledge across hacking forums and the dark web, co-ordinate their attacks, and take advantage of encrypted messaging platforms.
The hospitality industry is uniquely vulnerable to this form of co-ordinated activity. It has twice the number of public-facing network devices and 15 per cent more critical vulnerabilities – alarming statistics that hackers can readily take advantage of.
“Cyber criminals now operate like businesses. They collaborate, specialise and focus on return on investment. We have seen ransomware groups, like Akira and Conti affiliates, target Australian hospitality brands by exploiting third-party vendors and stolen credentials,” Craig Searle, director, consulting and professional services (Pacific) and global leader of cyber advisory at Trustwave, said in a statement.
“Recent incidents involving TFE Hotels and the Fullerton Hotel Sydney show how attackers can cause widespread disruption when systems lack visibility, monitoring, or real-time response.”
As hotels and other entities in the sector progress on their digital transformation journeys, attack surfaces expand and the security environment becomes more fraught. But there is a small silver lining for Australian organisations.
“Compared to global trends, Australia’s regulatory framework emphasises stricter penalties for privacy violations and expanded oversight of third-party vendors, yet the sector remains a prime target for ransomware groups with hospitality environments creating ideal conditions for attackers,” Searle said.
“Hospitality teams focus on delivering quick, seamless guest experiences, which can lead to gaps in security awareness. Cyber criminals exploit that mindset using fake booking messages, vendor impersonation or urgent requests to get around defences.”
Once inside a network, threat actors can manipulate management systems, payment platforms, and communications with guests, which in turn can lead to further compromise and fraud. An entire shadow travel industry exists on the dark web built upon stolen credentials and compromised loyalty accounts.
However, it is ransomware attacks that continue to grow, as they represent a better return on investment.
“From an attacker’s perspective, ransomware attacks continue to represent the best value-for-money strategy and so it is expected they will continue to grow in frequency over time,” Searle said.
“As artificial intelligence continues to evolve at a rapid rate, the breadth of delivery channels – such as email, SMS, and social media – for the initial compromise attempt is expected to increase, as well as the reliability and believability of that content when delivered.
“Ultimately, this will increase the likelihood of successful attacks against Australian hospitality businesses unless further investment is made in improving preventative capabilities such as managed detection and response, email protection and employee awareness training.”
You can read full reports on the hospitality industry and its cyber vulnerabilities here.