Cyberattacks Evolve as the Hospitality and Travel Industry Adapts

by Ashitha Bhanu on October 26, 2020

While the world fights against the COVID-19 pandemic, cybercriminals are out in full force with a multitude of scams designed to take advantage of the confusion and panic. COVID-19 has — by necessity — made us all more comfortable working, playing, and buying online.

This global shift to digital technologies and services has opened another door for enterprising cybercriminals to launch highly sophisticated cyberattacks. Some target cybervulnerabilities in industries that have been most impacted by the current crisis, with data breaches, credential abuse, ransomware, phishing, script attacks, and DDoS attacks.

The Hospitality and Travel (H&T) industry is easy prey for threat actors as the industry has undergone a major shift in recent years; in a bid to gain competitive advantage and keep up with online travel aggregators, many H&T companies are becoming completely digitized. Reservation apps, payment processing systems, loyalty programs linked to other digital platforms for easy redemption of rewards, and complex corporate networks all increase the likelihood of an attack.

At the same time, across the world, large volumes of business emails are sent out every day from hotels, restaurants, travel providers and airlines on safety measures, well-being messages, and changes in loyalty programs related to the COVID-19 situation; this makes the H&T industry low-hanging fruit because of the value and volume of the personally identifiable information that these organizations hold.

There have been myriad data breaches in the H&T industry to date and just some of them have hit the headlines in recent years. The common cyberthreats haunting H&T industry right now include:

Sponsorships Available

Credential Abuse
With continued travel restrictions and concerns associated with the novel coronavirus, the H&T industry is changing its loyalty game plan by revising the policies to benefit and retain its customer base. Major Hospitality and Travel companies have imposed pauses on the expiration of the reward points and are offering an extension of loyalty memberships. The cumulative reward points of thousands of travelers across the world are at stake now, as these accounts are vulnerable to loyalty fraud or credential abuse.
Personally Identifiable Information (PII) Theft
As noted in the 2019 Retail and Hospitality Threat Trend Report, cybercrime affecting the H&T industry has been much broader in origin vectors like online booking, in-hotel wi-fi networks, and other customer or B2B touchpoints that have been the subject of breaches. In late 2019, a France-based hotel booking firm suffered a data breach impacting 600,000 hotels that it serves worldwide. This trend of supply chain incidents is likely to continue as more companies move data to new virtualized environments, such as cloud and SaaS platforms.
Phishing Attacks
A new Corona Virus phishing scheme has emerged in the United States, along with similar schemes in the United Kingdom, Western Europe, and Asia. Hackers are targeting mobile phone apps and websites by baiting users into clicking malicious links to steal credentials or deliver dangerous payloads of the latest malware and ransomware strains. Cybercriminals are also using “corona” or “COVID” as a part of the URL to carry out phishing attacks. These phishing schemes are trying to impersonate a hotelier, an online travel agency, or a travel company to trick people in order to steal their credentials.
Magecart Attacks
Magecart and digital skimming attacks can cause significant brand damage to e-commerce companies by exposing the financial information of thousands of customers who made transactions on the e-commerce website.
- Trend Micro, a cybersecurity firm, said that in early September 2019, two hotel booking websites owned by separate international hotel chains were hit by a Magecart credit card skimming attack on mobile devices
- A major airline paid $230M in regulatory fines for Magecart attacks that occurred in 2017 and remains exposed to millions more in liabilities
- Magecart-style activity was also observed targeting ticket resellers for international sports events in late 2019, compromising the credit card details of users who made purchases on reseller website
DDoS and Ransom DDoS (RDOS) Attacks
With unprecedented restrictions imposed on the restaurant industry to shut down the dine-in option to control the spread of COVID-19, there is a huge demand for online food delivery services, making it an opportunity for cybercriminals to launch attacks on the systems of takeaway and food delivery services. Takeaway.com, a food delivery service in Germany, recently suffered a DDoS attack with cybercriminals demanding 2 bitcoins (~ $11,000 USD) to stop the siege.

We are seeing the same pre-pandemic vulnerabilities being exploited by cybercriminals during COVID-19, sometimes with slightly different hooks or tactics.

At the same time, in the post-COVID-19 era, the attack surface will expand as more H&T companies pivot to digital commerce and next-generation supply chains. It is more imperative than ever that H&T companies remain focused on the broader picture, addressing threats that are relevant now and will continue beyond COVID-19.

COVID-19 Cyberattacks — Akamai’s Preparedness with Edge-Based Security

As the largest distributed platform operating at the edge of the internet, Akamai provides a defensive shield built to protect your websites, mobile infrastructure, and API-driven requests from potential security threats, and has the ability to operate in the event of a disruption.

As a market leader in edge-based security, Akamai has spent years developing and delivering industry-leading solutions to help solve these problems and help you render an enhanced customer experience without compromising security and privacy.

Our adaptive, intelligent security reduces your attack surface, provides defense against threats like DDoS, application, API and in-browser attacks, script attack, credential abuse, phishing, ransomware, and malware. Akamai is constantly monitoring enterprise threats; the real-time visualization shows the phishing, malware, and command and control threats that Akamai is blocking (for customers) through its Akamai Intelligent Edge Platform and its unprecedented insights into DNS and IP traffic.

On June 21, 2020, Akamai mitigated yet another record-shattering attack (419 Gbps and 809 Mpps) that generated 809 million packets per second (Mpps), the largest packet-per-second DDoS attack ever recorded on the Akamai platform. By implementing the proactive rules associated with the zero-second SLA mitigation, for example, the Akamai SOCC was able to stop the attack in its tracks before it entered the platform, let alone affected the customer.

Ari Weil, Vice President of Product Marketing at Akamai shares more insights on RDoS in his latest blogpost, Unprecedented Levels of Ransom DDoS Extortion Attacks, which was covered by Akamai’s Security Intelligence Response Team (SIRT) in a Security Alert released on August 17, 2020.

With travel bans and quarantines imposed across most of the world, many people are staying home. Given the situation, people are not likely to check their loyalty accounts until they are planning their next vacation, but people will continue to use online food delivery services until the situation is back to normal. Both conditions can increase risks in different ways. Cybercriminals frequently strike during times of crisis and it is clear that the H&T industry is an easy pick during this pandemic.

Protecting websites, apps, APIs, customers, and their personal information by tightening up the cybersecurity during the COVID-19 crisis is critical for H&T information security and risk management officers. Cybersecurity will continue to be more of a top of mind strategy for H&T organizations to avoid the catastrophic implications of an attack and focus on their business recovery.