Perfidious cyber attacks on hotels



Criminals are increasingly exploiting the well-meaning service spirit of hotel employees: Sophos X-Ops has uncovered several cases of a “malspam” campaign targeting hotels around the world. Access comes via phishing, and the attacks also threaten guests' data.

The attacks using the RedLine Stealer malware, which specializes in skimming access data, have currently been detected in Spain, France, Germany, Switzerland, the United Arab Emirates and the USA.

Phishing through fake complaints…

The attackers first contact the hotel either with complaints about serious problems the sender allegedly had during a recent stay or with a request for information that could help with a possible future booking. The fake complaints include stories of stolen items, illnesses at the hotel, allergies to cleaning products, and even attempted poisoning.

…then the malware follows, password-protected

Once hotel staff respond to the first phishing attempt, the attackers reply with more extensive “documentation” for either the information request or the complaint. This is a password-protected archive file that contains the malware. As soon as the file is opened, RedLine Stealer comes into play. Even though this malware is not particularly sophisticated, the damage can be enormous. Cybercriminals can use the stolen access data to gain access to other hotel facilities or sell the stolen information to other criminals. While this attack targets hotel managers or employees directly, compromising the privacy of hotel guests represents potentially huge collateral damage.
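A mail-side check for the second stage described above, as an added example that is not from Sophos or the original article: it flags ZIP attachments with password-protected members so they can be held for review. It assumes the archive is a ZIP (the article does not name the format); the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def encrypted_zip_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of ZIP attachments containing password-protected members."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue  # not a ZIP (assumption: other archive formats are handled elsewhere)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of a member's general-purpose flags marks it as encrypted.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                flagged.append(part.get_filename() or "(unnamed)")
    return flagged


def sample_reply(encrypted: bool) -> bytes:
    """Constructed sample: a follow-up mail carrying 'documentation.zip'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("complaint.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so set the encryption flag by hand
        # in the local file header (offset 6) and central directory header (offset 8).
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.index(signature) + offset] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Re: complaint about my stay"
    msg["From"] = "guest@example.com"
    msg["To"] = "frontdesk@hotel.example"
    msg.set_content("Documentation attached.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="documentation.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(encrypted_zip_attachments(sample_reply(encrypted=True)))
```

A hit is a reason to hold the message and check it against the guest record, not proof of malware, since legitimate senders also use password-protected archives.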

Hotel staff have to pay close attention

Andrew Brandt, Principal Threat Researcher at Sophos, said of the new scam: “Such an attack, which exploits well-meaning hotel managers and employees, can cause problems not only for the hotel, but also for the guests staying there, who rely on the discretion of the hotel staff for a variety of reasons. Such attacks deprive hotel staff of the opportunity to protect customers' privacy if the stolen access data is misused. Hotel staff and frontline managers should be particularly careful if the person contacting the hotel refuses to provide even basic information in the message, such as the name of the registered guest, their stay details or the reservation number. From a technology perspective, modern endpoint protection and two-factor authentication put a stop to many of these attacks.”



About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.

