The Hotel Hijackers

Jan 17, 2020
After all these years we’ve been in cyber security, there is one thing we know for sure: a cyber-criminal’s main motivation is always money. That’s why hackers use Trojans, the always-multiplying, information-stealing bugs that infect our computers and devices, to get confidential data. One example of this is CryptoLocker, a popular attack that uses ransomware to encrypt important information and then forces the victim to pay a ransom to get it back. Over time, we’ve witnessed both “classic” malware and new attacks devised specifically for each victim, and seen how companies are dealing with these attacks. Most recently, these cyber-criminals have been going after hotel chains.

Why Hotels?

Hackers see hotels as juicy business. When a phisher considers a hotel, they are thinking of how they can “fish” from the millions of rooms, used by millions of customers, which generate millions of pounds. From booking a room to the payments made at shops and restaurants, hotel chains have complex networks that store enormous amounts of sensitive and private data, just waiting to be compromised. If you stayed at a hotel recently, you might want to double-check your credit card statements…

A Promised History

Most hotels, regardless of size, have been victims of cyber-crime. Cyber-criminals also have their eyes set on companies that provide services for hotels.

Some Examples…

White Lodging manages a number of well-known hotels like the Hilton, Marriott, Hyatt, Sheraton, and Westin hotels. Although they are more of a hotel management company than a hotel chain, they were still victims of a big cyber-attack. Customer credit card and debit card information was compromised at fourteen of their hotels. A while later, they suffered another attack, this time hitting ten hotels (some of them were also victims of the previous attack). The hackers came back for more, stealing credit card data such as customer names, numbers, security codes, and expiration dates. This affected 24 hotels.
The luxurious Mandarin Oriental was attacked too. Malware infected POS (Point-of-Sale) terminals at some of the group’s hotels in Europe and America. The malware was specially designed for and directed at this type of system, allowing the attackers to steal credit card information.
One of the biggest cyber-attacks in hotel history: the Hyatt hotel chain confirmed in a press release that point-of-sale terminals at 249 of their hotels in 54 countries had been infected, and that all customer credit card information was stolen.

This is not a fantasy

There is real economic interest behind these attacks, along with an interest in remaining unknown. The hotel sector has become one of the main targets for cyber-criminal gangs. Along with motivation, there is malware designed specifically to scrape important credit card information from POS systems, making it clear that these hackers won’t be going away anytime soon. This alarming situation not only affects the sector economically, but also endangers its reputation, causes panic among its customers and destabilises the business.

We must be alert

Malware that infects point-of-sale terminals to steal credit card data, and targeted attacks against hotel systems to steal confidential data, are two examples of what can happen during a cyber-attack. These kinds of attacks have severe repercussions for a hotel’s finances and reputation. Hotels need to reinforce security on their network, devices and systems, and know how to choose the right protection system for their business. Not just any protection system will work for this sector, because not all of them offer the same level of security, and not all of them can protect every digital ecosystem or business environment.

The Solution

To protect against advanced threats and targeted attacks, we need to have a system that guarantees Data Confidentiality, Privacy of Information and Business Reputation, and Legacy.
JC Cyber Security’s Protection Plan offers the first and only cyber security service that combines the most effective traditional anti-virus and the latest advanced protection with the capability of classifying all executed processes.
The packages on offer can detect malware and strange behaviours that other protection services cannot, because they classify all running and executed processes.

Thanks to that, it can ensure protection against known malware and advanced Zero-Day Threats, Advanced Persistent Threats and Direct Attacks. 

We are able to oversee everything that takes place on the network: the timeline of threats, the flow of information, how the active processes behave, how the malware entered the system, where it is going, who intended to do what, how they got that information, and more!
Protect your business and customers now: talk to us about The Protection Plan.
