The first National Convention of Cybersecurity in Hotels will take place in the Auditorio Adán Martín in Santa Cruz de Tenerife next October. At Open Data Security we didn’t want to miss the chance to briefly review some of the cyberattacks that have had a major effect on the biggest hotel companies.
It is a fact that hotels have become a new focus for cybercriminals, who use more and more sophisticated techniques. Over the last few years, the main international hotel chains have admitted to endless attacks against their ICT systems, including the takedown of some essential services of their establishments and the theft of their guests’ personal and banking information.
According to the Deloitte Consulting Expectations 2017 report, the tourism sector occupies a prominent place as a cyberattack objective, right after the public and financial sectors. There are two main reasons why the tourism sector is one of the most affected by cyberattacks: its high revenue and all the relevant information it holds, such as customers’ personal data, bank accounts, bookings, schedules, suppliers, etc.
The most common cyberthreats which the tourism sector has to fight against are:
- Information theft (information is a very precious asset on the black market, the Deep Web)
- Attacks that cause business disruption and do not allow companies to provide their services
- Attacks that affect the quality of service, which degrade the user experience
Some of the consequences for the company are the loss of customers’ confidence, damage to its reputation and brand, legal risks and economic losses.
The report also points out that economic gain is among the main motives behind cyberattacks, since 89% are based on financial and espionage grounds.
“The tourism sector has positioned itself as one of the three target industries for cybercrime. It adds new risks that affect the security of customer data and the company itself.”
Excerpt from the Expectations Report 2017 prepared by Deloitte.
Attack on the Donald Trump hotel chain: guests’ data compromised
Last July, the Trump hotel chain was the victim of a new cyberattack that affected 14 of its hotels, the third in the last few years. As the company itself acknowledged, computers and POS terminals from its restaurants, gift shops, and other stores were infected between May 2014 and June 2015.
According to the statement provided by the company, this cyberattack was carried out through a security breach in Sabre’s SynXis Central Reservations booking platform, which the chain uses for clients to make their online reservations.
The exposed customer information included names and credit card numbers with their expiration dates and security codes. The list of affected hotels was published along with the dates on which the customer information was disclosed.
In addition to the Trump Hotels, and due to the same security breach, the information of 11 “Hard Rock Hotel & Casino” hotels and 21 “Loews Hotels” hotels was also compromised.
The most recent case: an Austrian hotel pays its own “cyber-ransom” due to a ransomware attack
This was a new example of how IT security can be circumvented and of the excessive reliance on technology in many cases. The Romantik Seehotel Jägerwirt, located in the Austrian town of Turrach and considered one of the most luxurious in Europe, admitted to an attack on its central computer system that blocked the equipment which programmed the so-called “keycards”.
According to the Austrian media outlet The Local, which insisted that this targeted attack left the guests “kidnapped” in their rooms, the event took place on January 22. However, the hackers only succeeded in locking the keycard generation system, a kind of system present in many hotels.
What actually happened was that a group of cybercriminals asked the owners of the hotel to pay two bitcoins, which had an exchange value of about 1,500 euros. They opted for this currency because the way it operates makes it difficult for authorities to track the transaction. They were able to access the system of connected electronic keys, blocking the equipment in charge of programming the keycards. And they did so in a “ransomware” attack, one of the most widespread types of malware, whose purpose is to encrypt the data of a computer system.
The hotel management said that they had previously recorded three attempts by cybercriminals, but this time the attackers were able to knock down the entire central system. This latest attack, which coincided with the first weekend of the winter season, caused such chaos that, according to the local media, it even shut down all the computers of the hotel, including the reservation system and the cash register. At that moment, an estimated 180 guests were staying at the hotel.
When the hackers obtained the money, they unlocked the key registration system and the computers, returning things to normal. However, the hotel’s director believes that a “back door” was installed in order to attack again. To prevent this from happening again, the hotel, which has 111 years of history, is considering returning to the traditional system: classic physical keys.
The new threat to hotels: ransomware
The new trend of paying a ransom to recover stolen information has reached the hotel sector, according to PandaLabs, the anti-malware laboratory of Panda Security. In addition, more and more companies are forced to face new types of attacks, including threats designed specifically for each victim. Hotels have become the target of cybercriminals.
According to a recent report by Kaspersky Lab, attacks of this type increased threefold worldwide during 2016.
Online reservation systems and booking platforms are widely exposed to such attacks. They are an endless source of customer information, including credit cards.
The most frequent intrusion targets the operating system of point-of-sale (POS) terminals, to get the details of tourists’ credit cards and thus access their funds.
How do these attacks begin? Most start with an innocent-looking email with an attached file that is installed on the victim’s computer. The email is sent to an employee with a file that supposedly contains the billing data of a customer.
Trap: Despite appearing with the icon of a Microsoft Word document, it actually contains a compressed folder. When opened, the malicious file is executed at the same time that a blank page of the text editor is opened.
The second path is through a link in the body of the email that leads to a malicious web page.
It is a strategy called “phishing”, a social engineering technique whose purpose is to deceive the user into revealing sensitive information. And although it is not the only method used to carry out a ransomware attack, it is certainly the most common one.
Once the malware is installed, the hackers have access to the victim’s computer every time it is turned on, regardless of whether or not the victim runs the Microsoft text-editing program. As Panda Security warns, the main objective of this type of attack is not the computer of the person attacked, but the entire computer system of the hotel chain and, therefore, all its clients’ information.
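The attachment trap described above (a file shown as a Word document that is really a compressed folder) can be caught during mail triage by comparing the claimed extension with the file's actual header and contents. The following is an added example, not code from the original article; the function name, finding labels and sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc container header
ZIP_MAGIC = b"PK\x03\x04"                       # plain archives and .docx (OOXML)
RISKY_EXTS = (".exe", ".scr", ".js", ".vbs", ".lnk", ".bat", ".cmd", ".hta")

def triage_attachment(filename, data):
    """Return a list of findings for a file that claims to be a Word document."""
    name = filename.lower()
    if not name.endswith((".doc", ".docx")):
        return []                                # out of scope for this check
    if name.endswith(".doc") and data.startswith(OLE2_MAGIC):
        return []                                # header matches legacy Word format
    if not data.startswith(ZIP_MAGIC):
        return ["content-does-not-match-word-format"]
    try:
        members = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return ["corrupt-zip-container"]
    # A genuine .docx is a ZIP that carries these two parts.
    is_ooxml = "[Content_Types].xml" in members and "word/document.xml" in members
    if name.endswith(".docx") and is_ooxml:
        return []
    findings = ["archive-posing-as-word-document"]
    findings += ["script-or-executable-member:" + m
                 for m in members if m.lower().endswith(RISKY_EXTS)]
    return findings

def _zip_bytes(members):
    """Build an in-memory ZIP from {member_name: text} (sample data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, text in members.items():
            zf.writestr(member, text)
    return buf.getvalue()

# Constructed, harmless samples: no real malware, only file structure.
SAMPLES = {
    "booking.docx": _zip_bytes({"[Content_Types].xml": "<Types/>",
                                "word/document.xml": "<w:document/>"}),
    "invoice.doc": _zip_bytes({"invoice.js": "// placeholder", "blank.txt": ""}),
    "minutes.doc": OLE2_MAGIC + b"\x00" * 16,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, triage_attachment(fname, blob) or "ok")
```

An empty result means the header and structure match the claimed Word format; it says nothing about macros or other content inside a genuine document.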
What solutions exist to avoid these attacks?
The only way to deal with ransomware is to prepare properly. Firstly, create awareness within your hotel, training your staff to identify these threats. Secondly, make data backups periodically. A 3-2-1 backup scheme is ideal for isolating information against ransomware threats. This rule simply consists of making 3 copies of the data in 2 different media and hosting the third copy in 1 different physical place.
Most ransomware is delivered through infections. So make sure your employees know how to recognize these fraudulent techniques and do not click on links or open attachments in emails from unknown sources.
Also, make sure you are running antivirus software with up-to-date malware definitions. This will protect your company from currently known ransomware.
In addition to these recommendations, there are other solutions: establishing new protocols to protect the online environment and the system itself; incorporating secure network infrastructures to prevent attacks; adopting new programming systems that strengthen networks, new collection systems, cybersecurity, etc.
What solutions can you apply today?
A company cannot afford to reduce its productivity or its income because hackers have discovered a security gap in its infrastructure. This is the main reason why it is necessary to take the computer security of your company seriously and look for a team of specialists who will improve this fundamental part of a business.
The objective of the team behind Open Data Security is exactly this: to make sure that the companies we work with are provided with the best protection. In order to prevent an unauthorized user from accessing your system, it is advisable to reinforce the security of your networks by performing a penetration test that includes a complete analysis of the errors found in your infrastructure.
Do not hesitate to contact us to maximize the safety of your company.
We know that hotel companies, like companies in every other sector, must promote a safe digital transformation, investing in technologies that comply with the regulations and are able to guarantee maximum security. We must not forget that secure and reliable technology generates value and, at the same time, helps to satisfy travellers’ demands.