Criminals are increasingly exploiting the well-meaning service spirit of hotel employees: Sophos X-Ops has uncovered several cases of a “malspam” campaign targeting hotels around the world. The attackers get in through phishing, and the guests' data is at risk as well.
The attacks use the RedLine Stealer malware, which specializes in stealing credentials, and have so far been detected in Spain, France, Germany, Switzerland, the United Arab Emirates and the USA.
Phishing through fake complaints…
The attackers first contact the hotel either with complaints about serious problems the sender allegedly had during a recent stay or with a request for information that could help with a possible future booking. These fake complaints include stories of stolen items, illness at the hotel, allergies to cleaning products, and even attempted poisoning.
…then the malware follows, password-protected
Once hotel staff respond to the first phishing message, the attackers reply with more extensive “documentation” for either the information request or the complaint. This is a password-protected archive file that contains the malware. As soon as the file is activated, RedLine Stealer comes into play. Although this malware is not particularly sophisticated, the damage can be enormous. Cybercriminals can use the stolen credentials to gain access to other hotel facilities or sell the stolen information to other criminals. While this attack targets hotel managers or employees directly, compromising the privacy of hotel guests represents potentially huge collateral damage.
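A mail-triage check for the pattern described above, as an added example that is not from Sophos or the original article: it flags a message that is a reply in an existing thread and carries an archive with encrypted members. It assumes the archive is a ZIP (the article only says "archive file"); the addresses, file names and the sample message are constructed.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage


def flag_message(raw_message: bytes) -> dict:
    """Report whether a message is a reply and which ZIP attachments are encrypted."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    encrypted = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flags marks an encrypted member.
            # The central directory is readable without the password.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                encrypted.append(part.get_filename() or "(unnamed)")
    is_reply = bool(msg["In-Reply-To"] or msg["References"])
    return {"is_reply": is_reply, "encrypted_archives": encrypted}


def constructed_sample(encrypted: bool) -> bytes:
    """Build a constructed test message; nothing here comes from a real campaign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("documentation.txt", "placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption bit in the central directory header (offset 8)
        # to imitate a password-protected archive without real encrypted data.
        blob[blob.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["From"] = "guest@example.com"
    msg["To"] = "frontdesk@hotel.example"
    msg["Subject"] = "Re: Complaint about my stay"
    msg["In-Reply-To"] = "<constructed-1@hotel.example>"
    msg.set_content("Documentation attached.")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="documentation.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_message(constructed_sample(encrypted=True)))
```

A hit on both conditions is a reason to hold the message for review, since content scanners cannot inspect the encrypted members.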
Hotel staff have to pay close attention
Andrew Brandt, Principal Threat Researcher at Sophos, said of the new scam: “Such an attack, which exploits well-meaning hotel managers and employees, can cause problems not only for the hotel, but also for the guests staying there, who rely on the discretion of the hotel staff for a variety of reasons. Such attacks deprive hotel staff of the opportunity to protect customers' privacy if the stolen credentials are misused. Hotel staff and frontline managers should be particularly careful if the person contacting the hotel refuses to provide even basic information in the message, such as the name of the registered guest, their stay details or the reservation number. From a technology perspective, modern endpoint protection and two-factor authentication put a stop to many of these attacks.”