Panda Security UK

The Hotel Hijackers - Hackers see hotels as an easy target

Press release   •   Apr 28, 2016 10:35 BST

Bracknell, Apr 2016

After all these years we’ve been in the computer security business, there is one thing we know for sure: a cyber-criminal’s main motivation is always money.

That’s why the hackers use Trojans to get the confidential data: the always-multiplying, information-stealing bugs that infect our computers and other devices.

Most recently, these cyber-criminals have been going after hotel chains, you can view our guide, infographic and video on the Panda Media Center http://www.pandasecurity.com/mediacenter/news/the-hotel-hijackers/

Why hotels?
Hackers see hotels as juicy business.

When a phisher considers a hotel, they are thinking of how they can “fish” from the millions of rooms, used by millions of customers, spending millions of dollars.

From booking a room to the payments made at shops and restaurants, hotel chains have complex networks that save enormous amounts of sensitive and private data, just waiting to be compromised. If you stayed at a hotel recently, you might want to double-check your credit card statements…

A troubled history
2015 set a new milestone in this sector with most of the hotel groups, and their support companies, regardless of size, have been victims of cyber-crimes.

  • White Lodging - At least 24 hotels were victims of cyber-attacks on separate occasions in 2014 and again in 2015, with some hotels infected by both attacks
    • Mandarin Oriental - Infected Point of Service terminals across USA & Europe were stealing Credit card information with each purchase.
    • Trump Hotels - Computers and Point of Service terminals in the restaurants and gift shops were infected for 12 months before detection.
    • Starwood - 54 of their hotels fell victim to malware that infected Point of Service terminals, stealing credit card information from clients.
    • Hyatt Hotels - Malware infected Point of Service terminals, stole credit card information on purchases in restaurants, spas, golf shops and parking across 250 locations in 50 countries.
    • Hilton Worldwide - Point of Service terminals were infected. Credit card information, complete names, expiration dates, and security codes were stolen.
    • Hard Rock Las Vegas - Criminals infiltrated the network, accessed and used a total of 173,000 stolen credit cards.
    • Rosen Hotels & Resorts - Point-of-sale terminals were infected with malware for 18 months until February 2016.
  • This is not a fad
    The hotel sector has become one of the most lucrative targets for cyber-criminal gangs, with millions be spent and a constantly refreshing target base of visitors.

    With off-the-shelf malware available specifically designed to scrape credit card information from the POS systems prevalent in hotel chains, it is clear that these hackers won’t be going away anytime soon.

    This alarming situation not only affects the sector economically, but it endangers their reputation, causes panic among their customers (especially endangering data of business travellers) and destabilizes the business.

    The solution
    Hotels need to reinforce security on their network, devices and systems, and know how to choose the right protection system for their business.

    To protect against advanced threats and targeted attacks we need to have a system that guarantees Data Confidentiality, Privacy of Information and Business Reputation, and Legacy.

    Adaptive Defensive 360 can detect malware and strange behaviors that other protection services cannot because it classifies all running and executed processes.

    More info at: www.pandasecurity.com/enterprise/solutions/adaptive-defense-360

    About Panda Security
    Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions. With head offices in Spain, the company has direct presence in over 80 countries, products translated into more than 23 languages and millions of customers around the world. The company’s mission is to simplify complexity, creating new and improved solutions to protect users’ digital lives.
    For more information, visit http://www.pandasecurity.com/.

    Neil Martin
    neil.martin@uk.pandasecurity.com
    Tel. 0844 335 3791
    Direct Tel: 01344 398983

    Linkedin - https://www.linkedin.com/in/mrneilmartin
    Facebook - https://www.facebook.com/PandaSecurityUK
    Twitter - http://twitter.com/PandaSecurityUK
    Youtube - http://www.youtube.com/PandaSecurity1