Hospitality cybersecurity was analyzed in a recent report by Trustwave. According to the report, artificial intelligence, contactless technology and third-party exposures all pose risks to the industry.

Obtaining credential access, primarily by using brute force attacks, was behind 26% of all reported incidents. This tactic has threat actors leveraging valid accounts to compromise systems by simply logging in using weak passwords that are vulnerable to password guessing.

According to the report, the MOVEit RCE (CVE-2023-34362) vulnerability is one of the top exploits threat actors use to target hospitality clients. Analysis shows a significant surge in Clop ransomware attacks due to this MOVEit zero-day vulnerability. HTML attachments make up 50% of the file types being used for email-borne malware attachments. HTML file attachments are being used in phishing as a redirector to facilitate credential theft and for delivering malware through HTML smuggling.

Given the substantial volume of network users, whether they’re hotel guests or individuals connecting to coffee shop Wi-Fi, organizations within hospitality must operate under the assumption their networks are highly susceptible to attacks due to the sheer number of users. This leads to hesitancies to deploy patches and configuration changes that might have an adverse impact on day-to-day operations.

Top threat actors:

  • LockBit
  • Medusa
  • Vice Society
  • BianLian
  • BlackBasta
  • Qillin, Royal
  • Karakurt
  • Ragnar

Top threat tactics

  • Email-borne malware (Emotet, Qakbot)
  • Phishing (IPFS, image based, brand impersonation)
  • Scams (fake order scams, extortion scams)
  • BEC (e.g., payroll diversion)
  • Malware
  • Credential access (brute forcing, auctioned accounts)
  • Vulnerability exploitation

Read the full report here.