Dubai: Beware of sharing your credit cards details with hotels as cybercriminals are now stealing guests’ data from hotel front desks worldwide.
Kaspersky’s research of the RevengeHotels campaign, aimed at the hospitality sector, has confirmed that more than 20 hotels in Latin America, Europe and Asia have fallen victim to targeted malware attacks. Even more hotels are potentially affected across the globe. Travellers’ credit card data, which is stored in a hotel administration system, including those received from online travel agencies (OTAs), is at risk of being stolen and sold to criminals worldwide, warned Kaspersky, a global cybersecurity company. The warning comes at a time when the UAE residents are gearing up for a long National Day holidays weekend.
RevengeHotels is a campaign has been active since 2015 but has gone on to increase its presence in 2019. At least two groups, RevengeHotels and ProCC, were identified to be part of the campaign, however more cybercriminal groups are potentially involved.
The main attack vector in this campaign is emails with crafted malicious Word, Excel or PDF documents attached.
Each spear-phishing email was crafted with special attention to detail and usually impersonating real people from legitimate organisations making a fake booking request for a large group of people. It is worth noting that even careful users could be tricked to open and download attachments from such emails as they include an abundance of details (for instance, copies of legal documents and reasons for booking at the hotel) and looked convincing. The only detail that would reveal the attacker would be a typosquatting domain of the organisation.
Once infected, the computer could be accessed remotely not just by the cybercriminal group itself — evidence collected by Kaspersky researchers shows that remote access to hospitality desks and the data they contain is sold on criminal forums on a subscription basis.
Malware collected data from hospitality desk clipboards, printer spoolers and captured screenshots (this function was triggered using specific words in English or Portuguese). Because hotel personnel often copied clients’ credit card data from OTA’s in order to charge them, that data could also be compromised.
Kaspersky telemetry confirmed targets in Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey. However, based on data extracted from Bit.ly, a popular link shortening service used by the attackers to spread malicious links, Kaspersky researchers assume that users from many other countries have at least accessed the malicious link — suggesting that the number of countries with potential victims could be higher.
“Hoteliers and other small businesses dealing with customer data need to be more cautious and apply professional security solutions to avoid data leaks that could potentially not only affect customers, but also damage hotel reputations as well,” comments Dmitry Bestuzhev, Head of Global Research and Analysis Team, LatAm.
How to stay safe
Use a virtual payment card for reservations made via OTAs, as these cards normally expire after a single charge.
When paying for a reservation or checking out at hotel desks, use a virtual wallet, such as Apple Pay or Google Pay, or a secondary credit card with a limited amount of debit available.
Advice for hotels to secure customer data
Conduct risk assessments of the existing network and implement regulations regarding how customers data is handled
Use a reliable security solution with web protection and application control functionality
Introduce staff security awareness training to teach employees how to spot spear-phishing attempts and show the importance of remaining vigilant when working with incoming emails.