Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

Trustwave Releases New SpiderLabs Research Focused on Actionable Cybersecurity Intelligence for the Hospitality Industry

Chicago – September 7, 2023 Trustwave, a leading cybersecurity and managed security services provider, today released comprehensive research shedding light on the distinctive cybersecurity risks encountered by the hospitality sector. The report, "2023 Hospitality Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies," explores the specific threats and risks that hospitality organizations face, along with practical insights and mitigations to strengthen their defenses.  

 

In its new research, Trustwave SpiderLabs has documented the attack flow utilized by threat groups, exposing their tactics, techniques, and procedures. From brute forcing to exploiting known vulnerabilities to attacking exposed open ports, these persistent threats pose significant risks to the hospitality industry.  

 

Spanning from hotels to restaurants to cruise ships, the hospitality sector has become deeply woven into the everyday routines of millions of people, making its cybersecurity threat landscape especially vast, complex, and critical. Nearly 31% of hospitality organizations have reported a data breach in their company’s history, of which 89% have been affected more than once in a year, according to a report by Cornell University and FreedomPay. While the average cost of a hospitality breach ($3.4M) is lower than the cross-industry average ($4.4M), the impact on reputation can cause significant harm to the bottom line due to the highly competitive nature of the industry. 

 

“With unique considerations, such as the adoption of contactless technology and the steady turnover of customers and employees, the hospitality industry faces a complex security landscape with distinct challenges,” said Trustwave Chief Information Security Officer Kory Daniels. “In an industry where guest satisfaction and reputation are paramount, staying secure while offering cutting-edge technology is a delicate balancing act. Our latest threat briefing is a valuable resource for security leaders within the hospitality sector, providing a comprehensive view of the threats observed by our SpiderLabs team, along with specific mitigation strategies to bolster defenses.” 

 

The Trustwave SpiderLabs report analyzes threat groups and their methods throughout the attack cycle, from initial foothold through to exfiltration. A few key findings from the report include: 

  • MOVEit RCE (CVE-2023-34362) vulnerability is one of the top exploits threat actors use to target hospitality clients. Analysis of 150+ victims within the hospitality sector shows a significant surge in Clop ransomware attacks due to this MOVEit zero-day vulnerability.
  • HTML attachments make up 50% of the file types being used for email-borne malware attachments. HTML file attachments are being used in phishing as a redirector to facilitate credential theft and for delivering malware through HTML Smuggling.
  • Obtaining credential access, primarily by using brute force attacks, was behind 26% of all reported incidents. This tactic has threat actors leveraging valid accounts to compromise systems by simply logging in using weak passwords that are vulnerable to password guessing.

 

Trustwave SpiderLabs’ research serves as a resource for hospitality organizations to understand and combat the multitude of attack groups, malware variants, and techniques deployed against them. The report explores: 

 

Emerging and Prominent Trends in the Hospitality Industry 

  • Artificial Intelligence and Generative AI: Generative AI is a powerful tool that is being increasingly used by the hospitality sector to improve the guest experience with services like chatbots or language translation, opening the industry up to unique implications and risks.
  • Contactless Technology: Newer features like contactless table payments and smartphone-card reader integrations offer a seamless experience to businesses and customers alike but also introduce new vectors of attack.
  • Third-party Risk and Exposure: An increasing reliance on third-party vendors for services, such as HVAC, vending machines, and point-of-sale (PoS) systems, creates additional risk as more vendors have access to sensitive data or systems.

 

Cybersecurity Challenges Unique to the Hospitality Industry 

  • Seasonal and Less Sophisticated Workforce: The hospitality sector employs a diverse workforce, with seasonal and less sophisticated staff often engaged during peak periods to meet demand. This presents a distinct risk of insider threat, intentional or not, due to the challenge of providing consistent security training to a continually changing group of employees.  
  • Constant User Turnover: Hospitality establishments encounter a fresh set of users virtually every day. This ongoing cycle demands consistent uptime, addresses bandwidth constraints, and strives to minimize potential exposure to security threats.  
  • Dirty Networks: Given the substantial volume of network users, whether they’re hotel guests or individuals connecting to coffee shop Wi-Fi, organizations within hospitality must operate under the assumption their networks are highly susceptible to attacks due to the sheer number of users. This leads to hesitancies to deploy patches and configuration changes that might have an adverse impact on day-to-day operations.    
  • Physical Security Concerns: Unlike conventional office buildings where employee access is typically controlled through access cards, hospitality establishments face cybersecurity risks due to the accessibility of hardware by guests. For instance, the server closet in a hotel could be left unlocked and easily accessible or a thumb drive could easily be inserted into a nearby device.  
  • Franchise Model: The franchise framework leads to disparities in policy consistency and implementation across the industry, including cybersecurity measures. Different franchisers and franchisees adopt varied business models, resulting in divergent cybersecurity practices.

 

Prevalent Threat Actors and Threat Tactics Operating Across Hospitality 

 

Threat Actors: 

  • LockBit 
  • Medusa 
  • Vice Society 
  • BianLian 
  • BlackBasta 
  • Qillin, Royal 
  • Karakurt 
  • Ragnar 

Threat Tactics 

  • Email-borne Malware (Emotet, Qakbot) 
  • Phishing (IPFS, Image Based, Brand Impersonation)  
  • Scams (Fake Order Scams, Extortion Scams)  
  • BEC (e.g., Payroll Diversion)  
  • Malware   
  • Credential Access (Brute Forcing, Auctioned Accounts)  
  • Vulnerability Exploitation

 

To access the full Trustwave SpiderLabs threat report, "2023 Hospitality Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies," please click here. 

 

About Trustwave 

As a recognized global cyber defender that stops cyber threats all day, every day – we enable our clients to conduct their business securely. 

 

Trustwave detects threats that others can’t see, enabling us to respond quickly and protect our clients from the devastating impact of cyberattacks. We leverage our world-class team of security consultants, threat hunters and researchers, and our market-leading security operations platform to relentlessly identify and isolate threats with the right telemetry at the right time for the right response. 

 

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security. Our elite Trustwave SpiderLabs team provides award-winning threat research and intelligence, which is infused into Trustwave services and products to fortify cyber resilience in the age of advanced threats. 

 
For more information about Trustwave, please visit our website

 

 

 

 

Latest News Releases

New Trustwave SpiderLabs Research Exposes Unique Cybersecurity Threats Facing Education Industry

Chicago – February 22, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released comprehensive research uncovering unique cybersecurity threats faced by...

Read More

Trustwave MailMarshal Now Available on Microsoft Azure Marketplace

Chicago – February 1, 2024 – Trustwave, a global cybersecurity and managed security services leader, today announced the availability of Trustwave MailMarshal on the Microsoft Azure Marketplace, an...

Read More

Aquion and Trustwave Announce Strategic Partnership to Boost Cybersecurity in Australia and New Zealand

Sydney, Australia - Jan 30, 2024 - Aquion, a specialist in value-added software distribution, proudly announces its strategic partnership with global managed cybersecurity leader Trustwave. This...

Read More