Over 20 hotels in Latin America, Europe and Asia have fallen victim to targeted malware attacks

Woburn, MA – December 2, 2019 — /BackupReview.info/ — Kaspersky’s research of the RevengeHotels campaign has confirmed that over 20 hotels in Latin America, Europe and Asia have fallen victim to targeted malware attacks. As a result, travelers’ credit card data, which is stored in a hotel administration systems including those received from online travel agencies (OTAs), is at risk of being stolen and sold to cybercriminals worldwide.

The RevengeHotels campaign includes different groups using traditional Remote Access Trojans (RATs) to infect businesses in the hospitality sector. The campaign has been active since 2015 but has increased its presence in 2019. At least two groups, RevengeHotels and ProCC, were identified to be part of the campaign, however more cybercriminal groups are potentially involved.

The main attack vector includes emails with crafted malicious Word, Excel or PDF documents attached. Some of them exploit CVE-2017-0199, loading it using VBS and PowerShell scripts. It then installs customized versions of various RATs and other custom malware, such as ProCC, on the victim’s machine that could later execute commands and set up remote access to the infected systems.

Each spear-phishing email is crafted with special attention to detail. The emails impersonate real people from legitimate organizations who make a fake booking request for a large group of people. It is worth noting that even careful users could be tricked to open and download attachments from such emails as they include an abundance of details (for instance, copies of legal documents and reasons for booking at the hotel) and looked convincing. The only detail that would reveal the attacker would be a typosquatting domain of the organization.

Once infected, computers can be accessed remotely, and not just by the cybercriminal group itself. Evidence collected by Kaspersky researchers shows that remote access to hospitality desks and the data they contain is sold on criminal forums on a subscription basis. Malware collected data from hospitality desk clipboards, printer spoolers and captured screenshots (this function was triggered using specific words in English or Portuguese). Because hotel personnel often copied clients’ credit card data from OTA’s in order to charge them, this data could also be compromised.

Kaspersky telemetry confirmed targets in Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey. However, based on data extracted from Bit.ly, a popular link shortening service used by the attackers to spread malicious links, Kaspersky researchers assume that users from many other countries have at least accessed the malicious link, suggesting that the number of countries with potential victims could be higher.

“As users grow wary of how protected their data truly is, cybercriminals turn to small businesses, which are often not very well protected from cyberattacks and possess a concentration of personal data,” said Dmitry Bestuzhev, head of global research and analysis team for Kaspersky Latin America. “Hoteliers and other small businesses dealing with customer data need to be more cautious and apply professional security solutions to avoid data leaks that could potentially not only affect customers, but also damage hotel reputations as well.”

For more information and to read the full report, RevengeHotels: cybercrime targeting hotel desks worldwide, visit Securelist — https://securelist.com/revengehotels/95229/

About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com

Media Contact:
Cassandra Faro
Cassandra.Faro@Kaspersky.com
781-503-1812

Source: Kaspersky

 

 

 

General Tags: software as a service, SaaS, compare online backups, data security, backing up online, online backup providers directory, online backup, online file backup, online backup news, data storage, CEO interviews, top rated online backups, online file storage, cloud computing, online backup services, online backup reviews, online backup companies, online data backup

Like us on Facebook




===========================
Do you like this post? Subscribe to our RSS feed ===========================



Share/Save/Bookmark

Related posts:

  1. Cybercriminals Using Popular TV Shows to Spread Malware, Finds Kaspersky Lab
  2. Kaspersky Research Finds Over a Third of Small Businesses Have Suffered a Data Breach so far in 2019
  3. Over 900,000 Users Hit in a Year by Fake Video Games Spreading Malware, Kaspersky Research Finds
  4. Kaspersky Research Finds Continued Growth in Cyberthreats to Apple Users
  5. Kaspersky Lab Research Finds Consumers Estimate High Cost of Replacing Lost Data
  6. Kaspersky Research Finds Suspicious Objects are Malicious in Almost Three-quarters of Investigated Cases
  7. Kaspersky Lab Finds Malicious Mobile Banker Packages Grew by 58% in Q1 2019
  8. Kaspersky Lab Identifies Alarming Trend: Cybercriminals are Focusing Heavily on Businesses
  9. Kaspersky Finds Ransomware Now Targeting Backup Data
  10. Breakups Put Online Privacy at Risk, Finds Kaspersky Lab Research

Tags: ,