At least two groups, RevengeHotels and ProCC, were identified to be part of the campaign, however more cybercriminal groups are potentially involved. The RevengeHotels campaign includes different groups using traditional Remote Access Trojans (RATs) to infect businesses in the hospitality sector. The campaign has been active since 2015 but has increased its presence in 2019.
Thus, travellers’ credit card data, which is stored in a hotel administration system including those received from online travel agencies (OTAs), is at risk of being stolen and sold to cybercriminals worldwide. Because hotel personnel often copied clients’ credit card data from OTAs in order to charge them, this data could also be compromised.
The main attack vector includes emails with crafted malicious Word, Excel or PDF documents attached. Each spear-phishing email is crafted with special attention to detail. The emails impersonate real people from legitimate organisations who make a fake booking request for a large group of people.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.