Hotel business: an easy target for hackers with attractive profits

The theft of information with the subsequent demand for ransom for it - this is a fashionable cyber-attack, which came into the hotel business. The PandaLabs anti-virus laboratory of Panda Security has published a study called Hotel Hackers , a document that examines the trend of cyber attacks aimed at large hotel and hotel chains.

The study says that in 2015, many such attacks were carried out. There is detailed information about this type of intrusion, as well as how many hotel chains around the world have suffered from these attacks. Among the victims were such well-known hotel chains as Trump, Hilton and Starwood .
')

Hackers see: hotels - profitable business

When a hacker views a hotel as the next victim, he thinks about the fact that he can “hack” millions of hotel rooms, in which millions of people live, spending millions of dollars.

Starting from booking rooms and ending with payments in restaurants and hotel shops, hotels have complex networks that store a huge amount of critical and personal data, and hackers only want to hack it. If you have recently stayed at a hotel, then perhaps it makes sense to check your credit card transactions again ...

Promised story

2015 set a new milestone in this line of business. By 2015, most hotels, regardless of their size, were victims of cyber crimes. Cyber ​​criminals also put an eye on those companies that provide services for hotels.

White Lodging: 24 hotels suffered

White Lodging operates a number of well-known hotels such as Hilton, Marriott, Hyatt, Sheraton and Westin. Although they are more a hotel management company than a hotel chain, they also became victims of a major cyber attack, which became known in 2014. In 2013, at fourteen of their hotels, information on customers' credit and debit cards was compromised.

Two years later, they were faced with another attack on ten of their hotels (some of them were victims of a previous attack). Hackers have done even more damage by stealing customer credit card details: cardholder names, numbers, security codes, and expiration dates. According to White Lodging, this attack was different from the one that was in 2013.

Mandarin Oriental: Thousands of Credit Cards Copied

The luxurious Mandarin Oriental was attacked in March 2015. The malware infected POS-terminals in some hotels of the group, located in Europe and America. The malware was specifically designed and targeted to these types of machine systems, allowing theft of credit card information.

Trump Hotels : Dozens of infected PCs and POS terminals

Between May 2014 and June 2015, seven establishments were attacked. As they themselves admitted, they stole customer credit card data through infected POS terminals and PCs located in their restaurants, souvenir shops, etc. It took one year for criminals to get a huge amount of personal confidential information.

Hard Rock Las Vegas: 173,000 bank cards stolen

As a result of the attack, several POS terminals were infected in their restaurants, bars and shops. But the devices in the hotel or casino were not affected. For seven months (from September 2014 to April 2015), Hard Rock Las Vegas faced attacks that resulted in data theft of 173,000 bank cards from their restaurants, bars, and shops. But they were not the only affected hotel / casino. FireKeepers Casino Hotel at Battle Creek also suffered in 2015.

Hilton Worldwide: Access to Confidential Information

In November 2015, Hilton Worldwide issued a press release in which the company admitted that it was the victim of a cyber attack. They did not provide detailed information about what happened, but it is known that all the information on customers' credit cards was compromised. Fortunately, PIN codes and other personal information were not affected.

Starwood: 105 hotels suffered

At about the same time as the attack on the Hilton, Starwood reported that they had fallen victim to a similar cyber attack. 105 hotels in the Starwood chain (Sheraton, St. Regis, Westin, W, etc.) were attacked, making this attack the largest attack on hotels of this kind at that time. They published a list of hotels where their POS terminals were infected.

Hyatt: 249 hotels affected

Starwood record did not last long. Then something happened that we know as the largest cyber attack on hotels in history. The Hyatt hotel chain in its press release confirmed that POS terminals were infected in their 249 hotels located in 54 countries of the world. From July to September 2015, their POS terminals were infected (again!), After which all their customers' credit card data was stolen.

Rosen Hotels & Resorts: 1.5 years they were infected and did not know about it

The latest victims were Rosen Hotels & Resorts . So far, they have not provided details of the theft, but they confirmed that their POS terminals were infected with malware from September 2014 to February 2016. By infecting their POS systems, unidentified individuals had access to credit card data from clients of Rosen institutions over the past year and a half.



Behind all these attacks is a real economic interest. The hospitality industry has become one of the main targets for cyber criminals. In addition to motivation, it is worth noting the presence of malicious programs specifically designed to collect important information about credit cards through POS systems. Obviously, hackers are not going to retire soon. This alarming situation affects the hotel business not only from an economic point of view, but also undermines its reputation, causes panic among customers and destabilizes the business.

Malicious programs that infect POS terminals to steal credit card data, as well as targeted attacks on hotel IT systems to steal confidential information are two examples of what can happen as a result of a cyber attack. Such attacks have a negative impact on the financial condition of hotels and their reputation.

Hotels need to strengthen security measures in their networks, devices and systems, and also know how to choose the most appropriate solution to protect their IT systems. Not every protection system is suitable for hotel chains, because each of them offers different levels of security, and not everyone is able to protect them in any digital ecosystem or environment.

Decision

To protect against modern threats and targeted attacks will help the system, which ensures the confidentiality of information, protection of data, business reputation and IT assets.

Adaptive Defense 360 is the first and only information security service that combines one of the most effective traditional antiviruses with modern protection and the ability to classify all executable processes.

Adaptive Defensive 360 ​​is able to detect malicious programs and strange behavior that are not detected by other protection services, by classifying all running and executing processes. Because of this, the solution can provide protection against known malware, as well as against zero-day attacks, persistent threats of increased complexity (Advanced Persistent Threats), and targeted attacks. The administrator will always know what is happening with each file and process.

Detailed graphs show everything that happens on the network: the chronology of threats, the flow of information, how active processes behave, how malware gets into the system, where it happens, with whom, how threats get access to information, etc. The solution makes it easy to detect and close vulnerabilities, as well as prevent unwanted elements (navigation tools, adware, additional components, etc.)