Cybercrims target hotel staff for management credentials The Register

Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season.
Researchers at Sophos said the latest malware campaign targeting hotels involves sending emails that play on the emotions of staff, while at the same time applying time pressure, to trick them into downloading password-stealing malware.
Both typically necessitate a fast response from hotel management.
Complaint emails can range from allegations of violent or prejudicial behavior from staff or having possessions stolen, for example.
In these cases, attackers will often compose a strongly worded email, only including text, outlining their initial complaint.
When the staff then responds by requesting more information, the attacker sends a message directing the staff to open a link that supposedly contains evidence supporting their claim.
Similar to the previous examples, the attacker will instruct the staff to visit the link, which supposedly contains the information necessary for the hotel staff to familiarize themselves with the medical needs of their fake children.
Some emails are composed in what reads like native English, reducing the likelihood of staff members working fast-paced jobs being alerted to the malicious nature of the message.
Hotel staff have been advised to make themselves aware of the types of scams going around and be vigilant to any signs that the email might be an attempt at an attack.
Other methods involve creating an emotional scenario claiming the need for the hotel's help to retrieve a lost item left behind in a hotel room, for example - sometimes with sentimental value.
Email sent to hotels including a link to a malicious archive instead of images of a lost item.
In these cases, attackers may try to disarm the staff with grief, playing on their willingness to offer help, which Sophos says is a self-selecting trait of successful hospitality workers.
All of the methods described in the research serve to steal hotel management credentials, which have recently been used in a spate of attacks against Booking.com customers, and have been ongoing since at least March 2023.
The goal is to steal credentials to admin management portals, which are in turn logged into the Booking.com partner portal.
From there, attackers have been sending messages directly to customers from within Booking.com, lending an air of legitimacy to the communication.
Credit card details are requested to secure a customer's booking, while also being told it will be cancelled within 24 hours if details aren't provided - creating a sense of urgency.
Investigating the incident, Secureworks also spotted a high demand for Booking.com credentials on underground forums, with some users offering up to $5,000 for a valid infostealer log, along with incentives to regular suppliers.
One crook - who offers a service that checks infostealer logs for valid credentials to various platforms, including Facebook Ads Manager, Gpay, Discord, and more - added a new Booking.com admin portal service to the offering, again suggesting demand has risen.
Due to the rigorous controls and the machine learning capabilities we employ, we are able to detect and block the overwhelming majority of suspicious activity before it impacts our partners or customers.
It's good to remember that no legitimate transaction will ever require a customer to provide their credit card details by phone, email, or text message.


This Cyber News was published on go.theregister.com. Publication date: Wed, 20 Dec 2023 22:13:06 +0000


Cyber News related to Cybercrims target hotel staff for management credentials The Register

Cybercrims target hotel staff for management credentials The Register - Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season. Researchers at Sophos said the latest malware campaign targeting hotels involves sending emails that play on the emotions of staff, while ...
1 year ago Go.theregister.com
Booking.com Customers Scammed in Novel Social Engineering Campaign - Booking.com customers are being targeted by a novel social engineering campaign, which is "Paying serious dividends" for cybercriminals, according to new research by Secureworks. The researchers said the campaign, which they believe has been running ...
1 year ago Infosecurity-magazine.com
Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer - The 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com ...
1 year ago Hackread.com
Booking.com customers targeted in hotel booking scam - Scammers are hijacking hotels' Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. Secureworks outlined an attack that occurred in October 2023, when a scammer ...
1 year ago Helpnetsecurity.com
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
1 year ago Bbc.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
IT helpdeskers increasingly targeted by cybercriminals The Register - It's not a novel phenomenon, nor is it being carried out in a very sophisticated way, Red Canary's latest threat report notes, yet the trend is growing and miscreants are seeing greater rates of success. Keen infosec watchers will remember last year ...
9 months ago Go.theregister.com
IT helpdeskers increasingly targeted by cybercriminals The Register - It's not a novel phenomenon, nor is it being carried out in a very sophisticated way, Red Canary's latest threat report notes, yet the trend is growing and miscreants are seeing greater rates of success. Keen infosec watchers will remember last year ...
9 months ago Theregister.com
Unified Endpoint Management: What is it and What's New? - What began as Mobile Device Management has now transitioned through Mobile Application Management and Enterprise Mobility Management to culminate in UEM. This progression underscores the industry's response to the ever-growing challenges of modern IT ...
1 year ago Securityboulevard.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
6 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin - The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, ...
2 months ago Wordfence.com
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets - Infostealers infect computers, steal all of the credentials saved in the browser along with active session cookies and other data, then export it back to command and control infrastructure before, in some cases, self-terminating. This article will ...
11 months ago Bleepingcomputer.com
Human cost of PSNI data breach laid bare in official review The Register - An official review of the Police Service of Northern Ireland's August data breach has revealed the full extent of the impact on staff. The review lays bare the broad impact on staff in Northern Ireland, detailing how various officers have been forced ...
1 year ago Packetstormsecurity.com
Human cost of PSNI data breach laid bare in official review The Register - An official review of the Police Service of Northern Ireland's August data breach has revealed the full extent of the impact on staff. The review lays bare the broad impact on staff in Northern Ireland, detailing how various officers have been forced ...
1 year ago Go.theregister.com
Cybersecurity in K-12 Schools - As technology becomes increasingly integrated into K-12 schools, the need for robust cybersecurity measures has never been more critical. By raising awareness and providing insights into effective approaches, this article aims to shed light on the ...
11 months ago Securityzap.com
Global malspam targets hotels, spreading Redline and Vidar stealers - The latest global malspam campaign targets the hotel industry, emphasizing the need to stay alert against such attacks at all times. Cybersecurity researchers at Sophos X-Ops have issued a warning to the hospitality industry about a sophisticated ...
1 year ago Hackread.com
Top 10 NinjaOne Alternatives to Consider in 2024 - Atera: Best for IT teams needing a unified platform for network and device management, including patch management and automation. Kaseya VSA: Best for IT operations looking for comprehensive IT management including remote control, patch management, ...
5 months ago Heimdalsecurity.com
K-12 schools in Tucson, Nantucket respond to cyberattacks - Schools in Tucson, Arizona, and Nantucket, Massachusetts, are dealing with cyberattacks as U.S. schools continue to face a barrage of threats in the first weeks of 2023. A spokesperson from Tucson Unified School District told The Record that they ...
1 year ago Therecord.media
Enhancing Organisational Security: A Comprehensive Guide to Insider Risk Management Courses - In a world increasingly aware of internal security threats, the necessity for comprehensive insider risk management courses has never been more crucial. Astonishingly, up to 90% of organisations acknowledge their vulnerability to insider attacks, ...
11 months ago Securityboulevard.com
Hospitality Hackers Target Hotels' Booking.com Logins - Cyberattackers are hitting the digital road, looking to make some virtual stops at various hotels that contract with Booking.com to sell rooms. The idea is to phish the hotels' backend Booking.com logins, with the aim of taking over the accounts and ...
11 months ago Darkreading.com
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
8 months ago Tenable.com
CVE-2023-3440 - Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)