Chicago – May 21, 2025 – Trustwave, a leading cybersecurity and managed security services provider, today released its latest threat intelligence report, the 2025 Trustwave Risk Radar Report: Hospitality Sector and two supplemental deep dive reports: How Threat Actors Turn Vulnerabilities Into Big Business and A DFIR Case Study in Hospitality. Developed by Trustwave SpiderLabs, this in-depth reporting reveals how cybercriminals are professionalizing, collaborating, and exploiting vulnerabilities in the hospitality industry at an unprecedented scale.
“The hospitality industry is a highly competitive industry continuously pushing technology to enhance the customer experiences and brand loyalty. Rapid technology innovation is also creating unintended exposure and opportunities for criminal activity to attempt to exploit vulnerabilities," said Kory Daniels, CISO at Trustwave. "Our latest threat report demonstrates that criminals are leveraging similar tech innovation to achieve greater financial success. Trustwave is committed to helping hospitality organizations stay ahead of these criminal groups through intelligence sharing, education, and exposure reduction.”
“I'm thrilled to see that Trustwave recognizes the unique threats to the hospitality industry and focused an entire Threat Briefing to our space. Cybersecurity and hospitality often create a ‘cultural conflict’. Hospitalitarians strive to go above and beyond for our guests - we are by design hospitable.’ That desire to be helpful to our guests often conflicts with the need to be cyber aware,” said David Todd, SVP, Chief Information & Security Officer, White Lodging.
The hospitality sector, long focused on digital transformation to enhance guest experiences, continues to face a rapidly evolving threat landscape. The new report uncovers how threat actors are leveraging advanced tactics, cooperative fraud schemes, and underground marketplaces to target hotels, restaurants, and casinos.
Key findings include:
- Professionalization and Collaboration Among Threat Actors: Cybercriminals are mirroring legitimate industry practices, sharing knowledge, and coordinating attacks through dark web forums, encrypted messaging channels, and private marketplaces.
- Deep Access and System Manipulation: Once inside hospitality networks, attackers can manipulate property management systems, payment platforms, and guest communications, enabling sophisticated fraud, data theft, and operational disruption.
- Fraudulent Booking Platforms and Dark Web Travel Agencies: SpiderLabs research exposes illicit booking services and “travel agencies” on the dark web, offering discounted stays and services using stolen payment credentials and compromised loyalty accounts.
- Casino and Restaurant Fraud: The report details how attackers exploit POS and PMS systems, orchestrate chargeback scams, and even set up entire illicit casino operations.
- Actionable Security Recommendations: The report provides practical guidance for hospitality businesses to strengthen defenses, detect fraud, and mitigate risk across digital and physical operations.
Trustwave SpiderLabs’ 2025 research series on the hospitality vertical includes:
- 2025 Trustwave Risk Radar Report: Hospitality Sector
- Hospitality Sector Deep Dive: How Threat Actors Turn Vulnerabilities Into Big Business
- Hospitality Sector Deep Dive: A DFIR Case Study in Hospitality
To access this year’s research, please click here for the full hospitality series.
About Trustwave
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats.
Trustwave’s comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes its clients’ cyber investment, and improves security resilience. Trusted by thousands of organizations worldwide, Trustwave leverages its world-class team of security consultants, threat hunters, researchers, and market-leading security operations platform to decrease the likelihood of attacks and minimize potential impact.
Trustwave is an analyst-recognized leader in managed detection and response (MDR), managed security services (MSS), cyber advisory, penetration testing, database security, and email security. The elite Trustwave SpiderLabs team provides industry-defining threat research, intelligence, and threat hunting, all of which are infused into Trustwave services and products to fortify cyber resilience in the age of inevitable cyber-attacks.
For more information about Trustwave, please visit: https://www.trustwave.com/en-us/.
