Hotels worldwide targeted by cybercriminals to steal guests' credit card data

Wednesday 4 December 2019 09:59 CET | News

Kaspersky’s research of the RevengeHotels campaign has confirmed that over 20 hotels in Latin America, Europe and Asia have fallen victim to targeted malware attacks.

At least two groups, RevengeHotels and ProCC, were identified to be part of the campaign, however more cybercriminal groups are potentially involved. The RevengeHotels campaign includes different groups using traditional Remote Access Trojans (RATs) to infect businesses in the hospitality sector. The campaign has been active since 2015 but has increased its presence in 2019.

Thus, travellers’ credit card data, which is stored in a hotel administration system including those received from online travel agencies (OTAs), is at risk of being stolen and sold to cybercriminals worldwide. Because hotel personnel often copied clients’ credit card data from OTAs in order to charge them, this data could also be compromised.

The main attack vector includes emails with crafted malicious Word, Excel or PDF documents attached. Each spear-phishing email is crafted with special attention to detail. The emails impersonate real people from legitimate organisations who make a fake booking request for a large group of people.

Once infected, computers can be accessed remotely, and not just by the cybercriminal group itself. Evidence collected by Kaspersky researchers shows that remote access to hospitality desks and the data they contain is sold on criminal forums on a subscription basis.
More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Kaspersky, cybersecurity, hotels, credit card data, RevengeHotels, malware attacks, fraud prevention
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime

Industry Events