Security company Trustwave believes crime group Carbanak, responsible for stealing more than $1bn from banks in 2015 and more recently attacking the Oracle Micros POS support site which put more than a million EPoS systems at risk in the US, is now targeting hospitality.
In the last month, the company has been investigating cyber attacks on three hospitality businesses, including one restaurant group, in the US, and its director of global incident readiness and response Brian Hussey thinks it is just a matter of time before it spreads elsewhere.
“So far the attacks have mainly been in North America, but it is spreading to Europe, Australia and parts of Asia,” he said. “It’s one of the most active campaigns I’ve seen since I started in the business.”
How they attack
Hussey said the main way hospitality businesses were being attacked was via a reservation. In known cases, criminals have made a call to reception staff or a reservations line, claiming they are unable to use the online reservations system and have instead sent an email with attachment containing a compromised link.
Hussey said: "They are very good at convincing staff to click on the link, they are incredibly sophisticated in the way they do it."
Once the link has been clicked on, malware is activated which, depending on the type of system a business is using for reservations, can steal customers' credit card data, search email addresses, access more of the network and even disable systems.
"Once they get that first foothold into the network then they are able to explore the network and get what they want," said Hussey. "It's hard to know how much they are getting. We are working on a case currently where they are changing their dynamics as we investigate. Some of them are so brazen, even after we manage to lock them out, they call back and ask for reservations again."
Protect your business
Hussey says while the attacks are concerning, there are ways hospitality business can protect themselves against them.
"The human link is often the weakest, so training, especially for anyone directly dealing with the public is crucial, because they (the criminals) are convincing," he said.
Disabling macros on the word documents sent through containing the suspicious links, would also help, as would making your reservations system separate from any other system, Hussey advised.
"You could have a policy where you just don’t accept attachments - it could be seen as a negative - but is something to consider," he added.
Hotel chains Hyatt and Starwood are among the companies suffering cyber attacks in the last two years with unauthorised malware accessing systems and collecting customer data.