Hotels and hospitality businesses across the UK are facing a steep rise in cyber incidents following an increase in attacks specifically designed to target this industry. Rather than relying purely on traditional and ‘blunt’ ransomware attacks, threat actors are using highly targeted social engineering techniques, and malware tailored to operate in this sector, to exploit the day-to-day operational pressures that those in the industry generally face.
Kennedys’ cyber team has seen a stark increase in these types of attacks in recent months. They typically begin with convincing phishing emails themed around upcoming reservations or guest enquiries, which prompt hotel staff to ‘verify’ or ‘review’ booking details. Once a staff member clicks, the threat actor is able to run specially crafted malware that executes malicious commands on the device, allowing them to harvest credentials while remaining undetected.
What makes these incidents particularly challenging to detect is how ‘normal’ the attacker behaviour looks once access is gained. Using stolen credentials and the organisation’s own systems, threat actors can log into the organisation’s legitimate guest management platforms (e.g. booking.com) from trusted locations and endpoints, meaning suspicious login alerts or MFA challenges are often not triggered. From there, threat actors can monitor bookings, extract guest information or impersonate the organisation to contact guests with fraudulent payment requests sent from within the hotel’s own systems.
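Because the login itself looks legitimate (trusted endpoint, MFA satisfied), detection has to rest on what the session does after login. The following is an added example, not code from the Kennedys article or from any booking platform: it reads a constructed audit log in a hypothetical pipe-separated format, groups events by session, and flags sessions that bulk-export guest records or send several outbound guest messages asking for payment. The log format, action names (`export_guests`, `message_guest`) and thresholds are assumptions chosen for illustration.

```python
"""
Added example (not from the article): behaviour-based review of guest-management
platform sessions. Location and MFA alerts do not fire when stolen staff
credentials are used from a trusted device, so each session is scored on its
post-login activity instead. Log format and field names are constructed.
"""
import re
from collections import defaultdict

# Constructed audit-log lines in a hypothetical "user|session|action|detail" format.
SAMPLE_LOG = """\
alice|s1|login|ip=10.0.5.12 mfa=passed
alice|s1|view_booking|ref=B1001
alice|s1|message_guest|ref=B1001 text="Your room is ready for check-in at 3pm"
alice|s1|logout|
bob|s2|login|ip=10.0.5.30 mfa=passed
bob|s2|export_guests|count=180
bob|s2|view_booking|ref=B2001
bob|s2|message_guest|ref=B2001 text="Please confirm your reservation by paying via this link"
bob|s2|message_guest|ref=B2002 text="Urgent: card verification needed, pay now"
bob|s2|message_guest|ref=B2003 text="Your reservation will be cancelled unless payment is made"
"""

# Phrases that indicate a guest is being asked for money (assumed wording).
PAYMENT_PATTERNS = re.compile(r"\b(pay(ment|ing)?|card verification|bank details)\b", re.I)

# Assumed tuning values; a real deployment would derive these from normal staff activity.
BULK_EXPORT_THRESHOLD = 50       # guest records exported in one session
PAYMENT_MESSAGE_THRESHOLD = 2    # outbound payment-themed messages in one session


def parse_log(text):
    """Turn the pipe-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, session, action, detail = line.split("|", 3)
        events.append({"user": user, "session": session, "action": action, "detail": detail})
    return events


def _message_text(detail):
    m = re.search(r'text="([^"]*)"', detail)
    return m.group(1) if m else ""


def _export_count(detail):
    m = re.search(r"count=(\d+)", detail)
    return int(m.group(1)) if m else 0


def score_sessions(events):
    """Return {session: {"user": ..., "reasons": [...]}} for sessions worth reviewing."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)

    findings = {}
    for session, evs in by_session.items():
        reasons = []

        # Signal 1: bulk extraction of guest data.
        exported = sum(_export_count(e["detail"]) for e in evs if e["action"] == "export_guests")
        if exported >= BULK_EXPORT_THRESHOLD:
            reasons.append(f"bulk guest export ({exported} records)")

        # Signal 2: repeated outbound messages to guests that request payment.
        payment_msgs = [
            e for e in evs
            if e["action"] == "message_guest" and PAYMENT_PATTERNS.search(_message_text(e["detail"]))
        ]
        if len(payment_msgs) >= PAYMENT_MESSAGE_THRESHOLD:
            reasons.append(f"{len(payment_msgs)} outbound guest messages requesting payment")

        if reasons:
            findings[session] = {"user": evs[0]["user"], "reasons": reasons}
    return findings


def find_suspicious(log_text=SAMPLE_LOG):
    return score_sessions(parse_log(log_text))


if __name__ == "__main__":
    for session, f in find_suspicious().items():
        print(f"{session} ({f['user']}): " + "; ".join(f["reasons"]))
```

On the constructed log, alice's session passes (one routine message, no export) and bob's session is flagged on both signals even though its login is indistinguishable from hers. The point of the design is that neither check looks at IP address or MFA state, which is exactly the information the attacker in this scenario has already made look normal.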
The hospitality industry is especially exposed to this type of attack because speed and responsiveness are core to the guest experience. Staff are trained to act quickly on guest communications, and that operational pressure creates an opportunity for tailored social engineering to succeed.
The recent wave of incidents serves as a reminder that cybersecurity in hospitality is no longer just an IT issue, but an operational and reputational risk.