Trustwave, a leading cybersecurity and managed security services provider, has released comprehensive research shedding light on the distinctive cybersecurity risks encountered by the hospitality sector. The report, 2023 Hospitality Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, explores the specific threats and risks that hospitality organisations face, along with practical insights and mitigations to strengthen their defences.
In its new research, Trustwave SpiderLabs has documented the attack flow utilised by threat groups, exposing their tactics, techniques and procedures. From brute forcing to exploiting known vulnerabilities to attacking exposed open ports, these persistent threats pose significant risks to the hospitality industry.
Spanning from hotels to restaurants to cruise ships, the hospitality sector has become deeply woven into the everyday routines of millions of people, making its cybersecurity threat landscape especially vast, complex and critical. Nearly 31% of hospitality organisations have reported a data breach in their company’s history, of which 89% have been affected more than once in a year, according to a report by Cornell University and FreedomPay. While the average cost of a hospitality breach (US$3.4 million) is lower than the cross-industry average (US$4.4 million), the impact on reputation can cause significant harm to the bottom line due to the highly competitive nature of the industry.
“With unique considerations, such as the adoption of contactless technology and the steady turnover of customers and employees, the hospitality industry faces a complex security landscape with distinct challenges,” said Trustwave Chief Information Security Officer, Kory Daniels. “In an industry where guest satisfaction and reputation are paramount, staying secure while offering cutting-edge technology is a delicate balancing act. Our latest threat briefing is a valuable resource for security leaders within the hospitality sector, providing a comprehensive view of the threats observed by our SpiderLabs team, along with specific mitigation strategies to bolster defences.”
The report analyses threat groups and their methods throughout the attack cycle, from initial foothold through to exfiltration. A few key findings from the report include:
- MOVEit RCE (CVE-2023-34362) vulnerability is one of the top exploits threat actors use to target hospitality clients. Analysis of 150+ victims within the hospitality sector shows a significant surge in Clop ransomware attacks due to this MOVEit zero-day vulnerability.
- HTML attachments make up 50% of the file types being used for email-borne malware attachments. HTML file attachments are being used in phishing as a redirector to facilitate credential theft and for delivering malware through HTML Smuggling.
- Obtaining credential access, primarily by using brute force attacks, was behind 26% of all reported incidents. This tactic has threat actors leveraging valid accounts to compromise systems by simply logging in using weak passwords that are vulnerable to password guessing.
Trustwave SpiderLabs’ research serves as a resource for hospitality organisations to understand and combat the multitude of attack groups, malware variants and techniques deployed against them.
