Hotels, restaurant chains, and related tourism services have been subject to a range of techniques when it comes to cybercrime; the compromise of Point-of-Sale (PoS) terminals to harvest guest data, phishing emails sent to staff which are designed to give attackers access to internal systems, and Man-in-The-Middle (MiTM) attacks through hotel public Wi-Fi hotspots being only some of the potential attack vectors.
The data that the hospitality industry accepts, processes, and holds is valuable. Guest Personally Identifiable Information (PII) and financial information can be used in spear-phishing schemes, sold on in bulk, or potentially used to create clone cards when strong encryption is not in place to protect payment data.
First spotted in 2015 but appearing to be most active this year, RevengeHotels has struck at least 20 hotels in quick succession. The threat actors focus on hotels, hostels, and hospitality & tourism companies.
While the majority of the RevengeHotels campaign takes place in Brazil, infections have also been detected in Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, and Turkey.
While RevengeHotels is the main perpetrator of these campaigns, Kaspersky also spotted another group, ProCC, ProCC uses a more sophisticated backdoor that is also able to capture information from PC clipboards and printer spoolers.
Read the full article at ZDNet
