At least two groups, RevengeHotels and ProCC, were identified to be part of the campaign, however more cybercriminal groups are potentially involved. The RevengeHotels campaign includes different groups using traditional Remote Access Trojans (RATs) to infect businesses in the hospitality sector. The campaign has been active since 2015 but has increased its presence in 2019.
Thus, travellers’ credit card data, which is stored in a hotel administration system including those received from online travel agencies (OTAs), is at risk of being stolen and sold to cybercriminals worldwide. Because hotel personnel often copied clients’ credit card data from OTAs in order to charge them, this data could also be compromised.
The main attack vector includes emails with crafted malicious Word, Excel or PDF documents attached. Each spear-phishing email is crafted with special attention to detail. The emails impersonate real people from legitimate organisations who make a fake booking request for a large group of people.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now