Almost two dozen hotels have fallen victim to a wide-ranging cyberattack that places not only their business at risk, but the personal and financial data of their customers, as well.
This was confirmed by Kaspersky, whose security researchers have been looking into the RevengeHotels campaign. The campaign which is active since 2015 is only now picking up steam, and the experts are saying at least two groups are actively engaged.
The groups, RevengeHotels and ProCC, are using standard phishing methods to try and trick hotel staff into downloading a malicious Word, Excel or PDF attachment. They pose as someone looking to book rooms for a larger group of people. The emails are very well crafted, and even more careful employees could be tricked, Kaspersky says.
“The only detail that would reveal the attacker would be a typosquatting domain of the organisation,” they say.
The malware that gets installed through infected attachments allows the criminals to gain remote access to the attacked machines. They’d have access not only to the computers, but to the connected printers and copy machines, as well. And given that hotel staff often copies customer credit card details for easier charging, Kaspersky believes this type of information could also be compromised.
Kaspersky telemetry confirmed targets in Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey. But with further analysis through the link shortening service Bit.ly, it seems as the targets could be present in other countries, as well.
“As users grow wary of how protected their data truly is, cybercriminals turn to small businesses, which are often not very well protected from cyberattacks and possess a concentration of personal data. Hoteliers and other small businesses dealing with customer data need to be more cautious and apply professional security solutions to avoid data leaks that could potentially not only affect customers, but also damage hotel reputations as well,” commented Dmitry Bestuzhev, Head of Global Research and Analysis Team, LatAm.