Unlike conventional office buildings where employee access is typically controlled through access control cards, hospitality establishments face a bevy of cybersecurity risks due to the accessibility of hardware by guests, according to a recent report by Trustwave.
For instance, the server closet in a hotel could be left unlocked and easily accessible or a thumb drive could easily be inserted into a nearby device. According to the report, artificial intelligence (AI), contactless technology and third-party exposures all pose risks to the industry.
Obtaining credential access, primarily by using brute force attacks, was behind 26 percent of all reported incidents. This tactic has threat actors leveraging valid accounts to compromise systems by simply logging in using weak passwords that are vulnerable to password guessing.
According to the report, the MOVEit RCE (CVE-2023-34362) vulnerability is one of the top exploits threat actors use to target hospitality clients. Analysis shows a significant surge in Clop ransomware attacks due to this MOVEit zero-day vulnerability. HTML attachments make up 50 percent% of the file types being used for email-borne malware attachments. HTML file attachments are being used in phishing as a redirector to facilitate credential theft and for delivering malware through HTML smuggling.
Given the substantial volume of network users, whether they are hotel guests or individuals connecting to coffee shop Wi-Fi, organizations within hospitality must operate under the assumption their networks are highly susceptible to attacks due to the sheer number of users. This leads to hesitancies to deploy patches and configuration changes that might have an adverse impact on day-to-day operations.
Top threat actors:
- Vice Society
- Qillin, Royal
Top threat tactics:
- Email-borne malware (Emotet, Qakbot)
- Phishing (IPFS, image based, brand impersonation)
- Scams (fake order scams, extortion scams)
- BEC (e.g., payroll diversion)
- Credential access (brute forcing, auctioned accounts)
- Vulnerability exploitation
To download the full report, go here.