Excerpt from ZDNet

The hospitality industry can’t catch a break when it comes to cybercrime.

It seems that any possible way cybercriminals can exploit the hospitality industry, they will. 

Hotels, restaurant chains, and related tourism services have been subject to a range of techniques when it comes to cybercrime; the compromise of Point-of-Sale (PoS) terminals to harvest guest data, phishing emails sent to staff which are designed to give attackers access to internal systems, and Man-in-The-Middle (MiTM) attacks through hotel public W-Fi hotspots being only some of the potential attack vectors.

The data that the hospitality industry accepts, processes, and holds is valuable. Guest Personally Identifiable Information (PII) and financial information can be used in spear-phishing schemes, sold on in bulk, or potentially used to create clone cards when strong encryption is not in place to protect payment data. 

To add to a growing list of threat actors that specialize in attacks against hotels and hospitality organizations, such as DarkHotel, on Thursday, Kaspersky published research on a targeted campaign called RevengeHotels. 

First spotted in 2015 but appearing to be most active this year, RevengeHotels has struck at least 20 hotels in quick succession. The threat actors focus on hotels, hostels, and hospitality & tourism companies.

While the majority of the RevengeHotels campaign takes place in Brazil, infections have also been detected in Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, and Turkey.

The threat group deploys a range of custom Trojans in order to steal guest credit card data from infected hotel systems as well as financial information sent from third-party booking websites such as Booking.com. 

Click here to read complete article at ZDNet.