A new study by Trustwave SpiderLabs documents the attack flows used by threat groups, revealing their tactics, techniques and procedures. From brute force to exploitation of known vulnerabilities to attacks on exposed open ports, these persistent threats pose significant risks to the services industry.
From hotels to restaurants to cruise ships, the hospitality industry is deeply embedded in the daily lives of millions, making its cybersecurity threats particularly vast, complex and significant. Nearly 31 percent of hospitality companies have reported a data breach in their history, and 89 percent of them suffer one at least once a year, according to a report from Cornell University and FreedomPay. Although the average cost of a hospitality breach (US$3.4 million) is lower than the industry-wide average (US$4.4 million), the competitive nature of this industry means that reputational impacts can significantly harm a company's bottom line.
Cory Daniels, Chief Information Security Officer, Trustwave, said: "In an industry where guest satisfaction and reputation are paramount, maintaining security while providing cutting-edge technology is a delicate balance. Our latest threat briefing is a valuable resource for hospitality industry security leaders, providing a comprehensive view of the threats observed by the SpiderLabs team and specific mitigation strategies to strengthen your defenses."
The Trustwave SpiderLabs report analyzes threat groups and their methods throughout the attack cycle, from initial foothold to exfiltration. Key findings from the report include:
- The MOVEit RCE (CVE-2023-34362) vulnerability is one of the most important exploits used by attackers to target hospitality clients. After analyzing over 150 victims within the hospitality industry, we found that this MOVEit zero-day vulnerability caused a significant spike in Clop ransomware attacks.
- HTML attachments account for 50% of the file types used in malware attachments via email. HTML file attachments are used in phishing as redirectors to facilitate credential theft and to distribute malware through HTML smuggling.
- Gaining access to credentials, primarily using brute force attacks, accounted for 26% of all reported incidents. In this tactic, an attacker takes advantage of a valid account and compromises the system simply by logging in with a weak password that is vulnerable to password guessing.
Trustwave SpiderLabs research serves as a resource for hospitality companies to understand and combat the numerous threat groups, malware variants, and techniques deployed against them. The report investigates:
Emerging Trends in the Hospitality Industry
- Artificial intelligence (AI) and generative AI: Generative AI, a powerful tool increasingly used in the hospitality industry to improve the guest experience with services like chatbots and language translation, exposes the industry to unique impacts and risks.
- Contactless technology: New features such as contactless table payments and smartphone and card reader integration offer a seamless experience for businesses and customers alike, but they also introduce new attack vectors.
- Third-party risks and exposures: Growing dependence on third-party vendors for services such as heating, ventilation, and air conditioning (HVAC), vending machines, and point-of-sale (PoS) systems poses additional risks because more vendors have access to sensitive data and systems.
Cybersecurity challenges unique to the hospitality industry
- Seasonal, less sophisticated workforce: The hospitality industry employs a diverse workforce, and seasonal, less sophisticated staff are often employed during peak periods to meet demand. This presents a clear risk of insider threats, whether intentional or not, due to the challenge of providing consistent security training to a continuously changing group of employees.
- Constant user turnover: Hospitality facilities attract new guests almost every day. This ongoing cycle demands consistent uptime, attention to bandwidth constraints, and efforts to minimize exposure to security threats.
- Dirty network: Given the sheer number of network users, whether hotel guests or individuals connecting to Wi-Fi in a coffee shop, organizations in the hospitality industry must operate under the assumption that their networks are highly susceptible to attack. This can lead to reluctance to implement patches or configuration changes that could negatively impact day-to-day operations.
- Physical security concerns: Unlike traditional office buildings, where employee access is typically controlled by access cards, hospitality facilities face cybersecurity risks because guests have access to the hardware. For example, a hotel server closet may be left unlocked for easy access, or a thumb drive can easily be inserted into a nearby device.
- Franchise model: Franchise frameworks create disparities in policy consistency and enforcement across industries, including cybersecurity measures. Different franchisors and franchisees are adopting different business models and, as a result, their cybersecurity practices are also diversifying.
Pervasive Threat Actors and Threat Tactics Across the Hospitality Industry
Threat actors:
- LockBit
- Medusa
- Vice Society
- BianLian
- Black Basta
- giraffe, Royal
- Karakurt
Threat tactics:
- Email-borne malware (Emotet, Qakbot)
- Phishing (IPFS, image-based, brand spoofing)
- Fraud (fake order fraud, extortion fraud)
- Business Email Compromise (BEC) (e.g. payroll diversion)
- Malware
- Access to credentials (brute force, auctioned accounts)
- Exploitation of vulnerabilities
The full Trustwave SpiderLabs threat report is titled "2023 Hospitality Threat Landscape: Trustwave Threat Intelligence Explained and Mitigation Strategies."
About Trustwave
Every day, as a globally recognized cyber defender who stops cyber threats, we enable our clients to conduct business safely.
By detecting threats that others cannot see, Trustwave enables you to respond quickly and protect your clients from the devastating effects of cyberattacks. We leverage our world-class team of security consultants, threat hunters, and researchers and our market-leading security operations platform to relentlessly identify and isolate threats using the right telemetry at the right time. We are taking appropriate measures.
Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security. Its elite Trustwave SpiderLabs team provides award-winning threat research and intelligence that is incorporated into Trustwave’s services and products to strengthen cyber resiliency in an era of advanced threats.
For more information on Trustwave, please visit our website.