Inhospitality in the Hospitality Industry: Global Malicious Spam Campaign

Business Insights

A global malspam campaign was recently uncovered, and its target is the hospitality industry. Learn about this new threat and how to protect your business.

In mid-December of 2023, threat researchers from Sophos X-Ops compiled and published a report regarding the newly discovered malspam campaign targeting the hotel industry. The gathered evidence provided a better insight into the tactics used by cybercriminals to get their hands on the valuable information.

The attack had immediately gone global, and hackers had sent two types of emails to hotels worldwide. Similarly to previous malspam campaigns, the contents were crafted to invoke an emotional response from their target and motivate them to resolve the problem as soon as possible.

People in the hospitality industry always do their best to make their customers happy, so it's no wonder some fell for the scam.

Types of emails featured in the malspam campaign

Threat researchers identified two types of emails sent as a part of this malspam campaign. First is an email featuring service problems such as theft, physical attacks, or mistreatment by the hotel staff during the stay. The second type is information about the services like accessibility to guests who use wheelchairs, food menu for people with allergies, and more.

The initial message is designed to start a conversation with the hotel manager or staff. Once they reply, the attacker will send a link to a password-protected archive uploaded to a cloud storage platform such as Google Drive or Dropbox. They will claim the archive contains all the necessary documents.

For instance, if a hotel manager asks for their hotel receipt for the dates when something allegedly happened, the email author will say it's in the archive along with other proof. Of course, the archive doesn't contain any documents. Instead, the malware payload is concealed within the file.

Details about the malware

So, how does this malware work? Uploading a password-protected archive prevents the cloud service from scanning the contents. Therefore, these files can be shared with targets and trick them into thinking the contents are safe. Google Drive wouldn't allow malware uploads, would it?

Secondly, this type of malware is not a small executable file. The discovered files are larger than 600MB. That is yet another feature that enables hackers to go around standard antivirus software because the scans often focus on smaller files. Some have a fake code-validation certificate.

Surprisingly, the malware will only run once, collecting the data it wants to steal, such as login information, cookies, and the profile of the machine. After the initial extraction, malware will stay dormant. Threat researchers have managed to link the malware to a Telegram app channel.

The impact on the hospitality industry

Every cybersecurity breach can lead to serious problems for the hotel that was targeted in the attack. When hackers get their hands on the login information of hotel managers, they have access to all the data and information about the facility. As a result, hotel guests and their privacy will be impacted by the malware.

Those who pay with credit cards could have their financial information stolen and used by cybercriminals. Of course, knowing that a hotel's cybersecurity was breached at one point could lead to a bad reputation among future visitors. Nobody wants to risk having their personal data exposed.

How can the hospitality industry protect itself?

Since cybercriminals are counting on the human factor, that's where you should start. Hotel representatives need to become more tech-savvy and able to recognize a potential malware attack or phishing attempt. Here's how:

    Emphasise education

Education is the key to catching a cyberattack before it happens. So, the hotel staff needs to know the different types of tactics used by hackers and the common traits of malware and viruses. Most of the cyberattacks on the hospitality industry weren't too sophisticated, but raising the concerns in time can protect both guests and the hotel that is targeted by cybercriminals.

    Use VPN encryption

Conducting business while connected to the public Wi-Fi network can result in a security breach. It is important to have a hidden Wi-Fi network for employees only. Encryption can help, too, because it makes the information you send or receive unreadable to third parties. A VPN is an excellent tool for this situation.

So, how does VPN work? It creates a safe tunnel for the information shared on and from your network. Even if someone intercepts your communication, they won't be able to see it, thanks to encryption. Learning how VPN works is not hard, and everyone can use it, regardless of their level of tech knowledge.

    Be open with guests

Since the hospitality industry is a frequent target for cybercriminals, you should be honest with your guests and reassure them that their personal information is safe and secure. Emphasise it won't be shared over unencrypted means of communication, and you'll ensure cybersecurity is always at the highest level.