Navigating Cybersecurity Challenges in the Hospitality Sector during the Festive Season

Background

The hospitality sector, integral to holiday experiences, faces distinct challenges during the festive season. Its growing reliance on technology and online services has increased its vulnerability to cybersecurity threats, which could lead to severe consequences. These risks encompass a wide range of security issues, including data breaches and ransomware attacks, capable of disrupting operations, compromising customer data, and tarnishing a brand’s reputation.

Introduction

Airbnb, a prominent player in the hospitality industry, is currently grappling with a significant data breach, potentially affecting 1.2 million users. An entity self-identifying as ‘Sheriff’ has claimed responsibility for this breach, exposing sensitive information such as names, email addresses, countries of residence, and city details. This incident is not Airbnb’s first encounter with data privacy issues. In August 2023, Airbnb Ireland faced criticism from the Irish Data Protection Commission for breaches related to user identity document retention and processing. These infringements, revealed in an inquiry initiated in March 2022, contravened GDPR data minimization and storage limits. Consequently, the DPC reprimanded Airbnb, mandating corrective actions and internal policy revisions to enhance user identity verification. Airbnb has affirmed its commitment to adhering to the DPC’s directives and privacy obligations.

Additionally, Octo Tempest, a financially motivated threat actor, has raised concerns across various industries. This group, composed of native English-speaking threat actors, employs tactics such as adversary-in-the-middle (AiTM), social engineering, and SIM swapping. They initially targeted mobile telecommunications and business process outsourcing organizations through SIM swaps in early 2022. By 2022, Octo Tempest monetized their activities, selling SIM swaps and conducting account takeovers for cryptocurrency theft. In mid-2023, Octo Tempest affiliated with ALPHV/BlackCat, a human-operated ransomware-as-a-service operation. They initially extorted data from organizations without deploying ransomware, but by June 2023, they began using ALPHV/BlackCat ransomware, particularly focusing on VMware ESXi servers. Their scope expanded to target multiple industries, including natural resources, gaming, hospitality, consumer products, retail, managed service providers, manufacturing, law, technology, and financial services.

Furthermore, the hacking collective known as ‘Play’ has been actively involved in the hospitality sector, taking credit for the intrusion into Firmdale Hotels in September. This breach enabled them to access critical documents and files. Additionally, in July, Luna Hotels & Resorts, a prominent Portuguese hotel chain, fell victim to a cyberattack attributed to the malicious Medusa ransomware group. These incidents emphasize the widespread cybersecurity risks encountered by the hospitality industry.

Techniques

The holiday season marks a peak period for the hospitality industry, characterized by a significant surge in bookings and online transactions. This heightened activity creates a prime opportunity for threat actors to employ diverse tactics, techniques, and procedures in navigating complex hybrid environments, exfiltrating sensitive data, and encrypting information.

One of the foremost cyber risks faced by the hospitality sector during this festive season is data breaches. This industry accumulates and preserves vast amounts of customer data, including personal and payment details, making it an attractive target for cybercriminals pursuing financial gain or identity theft. The aftermath of a successful data breach may entail reputational damage, regulatory fines, and a loss of customer trust.

Another growing concern is the prevalence of ransomware attacks, which the hospitality sector is not immune to. During the holiday season, when operations are at their busiest, a ransomware attack can paralyze an organization, disrupt customer services, and result in substantial financial losses.

Phishing attacks also intensify during the holiday season, as cybercriminals exploit the increased volume of email and online transactions. These scams target both customers and employees, enticing them to divulge sensitive information or inadvertently install malware on their devices.

The hospitality sector’s reliance on third-party vendors and service providers introduces potential vulnerabilities. Cybercriminals can exploit weaknesses in these external partners’ systems to infiltrate an organization’s network.

In addition, threat actors resort to social engineering techniques, such as manipulating an organization’s help desk to reset administrator passwords or alter multi-factor authentication settings, which underscores the need for heightened vigilance. Advanced social engineering strategies for privilege escalation, including exploiting stolen password policy procedures and bulk data downloads, are evident risks. In some instances, they may even bypass password reset procedures using a compromised manager’s account to approve their requests.

Mitigation

To mitigate such risks, companies in the hospitality sector must invest in cutting-edge cybersecurity measures, with a primary focus on ensuring the safety and privacy of their users in our increasingly interconnected world.

  1. Understand Authentication Flows: Gain a thorough understanding of authentication flows in your environment. This includes having visibility into how users and administrators authenticate and access resources.
  2. Centralize Administrative Changes: Centralize the visibility of administrative changes in your environment, making it easier to monitor and detect any unauthorized modifications. This centralized view serves as a single pane of glass for administrative activities.
  3. Monitor User and Sign-In Risk Detections: Scrutinize all user and sign-in risk detections, particularly for administrators, within a defined timeframe. Pay close attention to common alerts such as “Impossible Travel,” “Unfamiliar Sign-in Properties,” and “Anomalous Token.”
  4. Review Conditional Access Policies: Review the coverage of Conditional Access policies and examine the use of trusted locations and exclusions. Ensure that these policies are effectively controlling access to your resources.
  5. Custom Domains and Federation Settings: Examine all existing and new custom domains in your tenant, along with their federation settings. This helps in identifying any potential vulnerabilities related to domain settings.
  6. Administrator Groups and Roles: Scrutinize administrator groups, roles, and privileges for recent modifications. Ensure that administrative access is carefully controlled and that any changes are thoroughly reviewed.
  7. User and Device Identities: Review recently created Microsoft Entra ID users and registered device identities. This helps in detecting any suspicious or unauthorized account creations.
  8. Pivots into Organizational Apps: Keep an eye out for any anomalous pivots into organizational applications that may hold sensitive data, such as Microsoft SharePoint and OneDrive. This could indicate unauthorized access attempts.
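
As an added illustration (not code from the original article or from any vendor), the following sketch shows how a centralized view of administrative changes can be checked for two sequences mentioned above: a help-desk password reset on an administrator followed shortly by an MFA change, and a newly created account that is quickly granted a role. The record schema, action names, account names, and the 30-minute window are all assumptions made up for this example; map them to whatever your audit log source actually emits.

```python
from datetime import datetime, timedelta

# Constructed, normalized audit records (hypothetical schema, not a real export format).
SAMPLE_EVENTS = [
    {"time": "2023-12-22T09:02:00", "action": "password_reset", "actor": "helpdesk1", "target": "admin.jane"},
    {"time": "2023-12-22T09:09:00", "action": "mfa_method_added", "actor": "admin.jane", "target": "admin.jane"},
    {"time": "2023-12-22T10:00:00", "action": "password_reset", "actor": "helpdesk2", "target": "clerk.bob"},
    {"time": "2023-12-22T10:05:00", "action": "mfa_method_added", "actor": "clerk.bob", "target": "clerk.bob"},
    {"time": "2023-12-22T11:30:00", "action": "user_created", "actor": "admin.jane", "target": "svc.backup2"},
    {"time": "2023-12-22T11:41:00", "action": "role_member_added", "actor": "admin.jane", "target": "svc.backup2"},
    {"time": "2023-12-23T08:00:00", "action": "password_reset", "actor": "helpdesk1", "target": "admin.raj"},
    {"time": "2023-12-23T15:00:00", "action": "mfa_method_added", "actor": "admin.raj", "target": "admin.raj"},
]
ADMINS = {"admin.jane", "admin.raj"}  # assumed list of privileged accounts

# (first action, follow-up action, finding label, restrict to privileged targets?)
RULES = [
    ("password_reset", "mfa_method_added", "admin reset then MFA change", True),
    ("user_created", "role_member_added", "new account granted a role", False),
]

def find_sequences(events, admins, window=timedelta(minutes=30)):
    """Flag targets where a follow-up action lands within `window` of the first."""
    findings = []
    last_seen = {}  # (action, target) -> (time, actor) of the most recent occurrence
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort as text
        when = datetime.fromisoformat(ev["time"])
        for first, second, label, admins_only in RULES:
            if ev["action"] != second:
                continue
            if admins_only and ev["target"] not in admins:
                continue
            prior = last_seen.get((first, ev["target"]))
            if prior and when - prior[0] <= window:
                # Report who performed the first step so the request can be verified.
                findings.append((label, ev["target"], prior[1], ev["time"]))
        last_seen[(ev["action"], ev["target"])] = (when, ev["actor"])
    return findings

if __name__ == "__main__":
    for finding in find_sequences(SAMPLE_EVENTS, ADMINS):
        print(finding)
```

On the constructed sample, the non-privileged reset and the reset followed by an MFA change seven hours later are not flagged; widening the window trades fewer misses for more review work.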

Conclusion

The hospitality sector, especially during the holiday season, is particularly vulnerable to cyber risks due to the surge in customer data and online transactions. A staggering 90% of data breaches in the hospitality industry can be traced back to external actors. Furthermore, a significant 91% of cybercriminals are primarily motivated by financial gain, with a minority, 9%, involved in espionage activities. The aftermath of successful hacker attacks can have enduring consequences, impacting both individuals and organizations. To safeguard operations, reputation, and the trust of customers, organizations within the hospitality industry must remain vigilant and proactive in implementing robust cybersecurity measures. This involves protecting customer data, preparing for potential ransomware attacks, educating employees about the dangers of phishing scams, and addressing vulnerabilities stemming from third-party partnerships. By taking these proactive steps, the industry can significantly reduce its exposure to cyber risks, ensuring a safe and secure holiday season for businesses and customers alike.

__________________________________________________________________________ 

CRITICALSTART® offers a pioneering solution to modern organizational challenges in aligning cyber protection with risk appetite through its Cyber Operations Risk & Response™ platform, award-winning Managed Detection and Response (MDR) services, and a dedicated human-led risk and security team. By providing continuous monitoring, mitigation, maturity assessments, and comprehensive threat intelligence research, they enable businesses to proactively protect critical assets with measurable ROI. Critical Start’s comprehensive approach allows organizations to achieve the highest level of cyber risk reduction for every dollar invested, aligning with their desired levels of risk tolerance.

