Tag Archive for: hotels

Hacking hotels, Google’s AI goof, and cyberflashing • Graham Cluley


Smashing Security podcast #365: Hacking hotels, Google’s AI goof, and cyberflashing

Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google’s AI search pushes malware and scams.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus’s Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Maria Varmazis – mstdn.social/@varmazis

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.



Fraudsters attack Booking.com customers after hacking hotels



This year has seen larger cybercrime cases scaling up across the world. Recently, cybersecurity researchers warned people about a new scam targeting Booking.com customers. The hackers are posting advertisements on the dark web asking for help in finding victims. This time, the hackers are targeting accommodation listed on the platform in order to impersonate staff members.

How are hackers operating now?

The scam is currently being investigated by the cybersecurity firm Secureworks. It involves the deployment of the Vidar infostealer to steal a hotel’s Booking.com credentials.

Access to the Booking.com management portal enables the threat actor to see upcoming bookings and directly message guests, according to Secureworks.

Although the Booking.com portal itself has not been hacked, the hackers have come up with several ways to get into the administration portals of individual hotels that use the service.

Hackers are offering payment this time

Hackers are offering USD 30 to USD 2,000 per valid log with additional incentives for regular suppliers.

According to reports, the hackers are making so much money from their attacks that they are now offering to pay thousands of dollars to criminals who share access to a hotel’s portal.

A Booking.com spokesperson stated that the company is aware that some of its accommodation partners are being targeted by hackers “using a host of known cyber-fraud tactics”, the BBC reports.

Secureworks incident responders further noted that the threat actor initiated contact by emailing a member of the hotel’s operations staff.

The security team noted, “The sender claimed to be a former guest who had lost an identification document (ID), and they requested the recipient’s assistance in finding it. The email did not include an attachment or malicious links, and it was likely intended to gain the recipient’s…


Inside a Ransomware Hit at Nordic Choice Hotels


Nordic Choice Hotels, a chain with more than 200 hotels across Scandinavia and the Baltic countries, is still dealing with technology problems and the fallout from a data leak after a Dec. 1 ransomware attack.

Immediately after the incident, the company shut down corporate computers, check-in desks and machines such as music systems, and disconnected computers from the internet, said Kari Anna Fiskvik, Nordic Choice’s vice president of technology.

Hotel staff recorded check-in details with pens and paper, and escorted guests to their rooms because digital keycards didn’t work, Ms. Fiskvik said. Just as hackers struck, hotel business was booming again after long pandemic-related lockdowns.

“We were a good target because we were tired already,” she said.

More than five weeks after hackers hit, glitches continue in machines that provide heating, music and other services, she said.

Nordic Choice, an independent franchisor of Rockville, Md.-based Choice Hotels International Inc., operates hotels in Norway, Sweden, Denmark, Finland and Lithuania. A spokesperson for Choice Hotels International said there is no indication the attack affected its technology systems.

An investigation found that hackers had infiltrated Nordic Choice’s systems 36 to 48 hours before launching the attack through a phishing email that appeared to be sent by a tour operator in frequent contact with the company, Ms. Fiskvik said.


Hacking group used ProxyLogon exploits to breach hotels worldwide



A newly discovered cyberespionage group has been targeting hotels around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies.

Slovakian internet security firm ESET spotted the hacking group (dubbed FamousSparrow) and described it as an “advanced persistent threat.”

The cyberspies have targeted victims from all over Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil, Canada, Guatemala), Asia (Taiwan), and Africa (Burkina Faso) in attacks spanning the last two years.

“The targeting, which includes governments worldwide, suggests that FamousSparrow’s intent is espionage,” ESET researchers Matthieu Faou and Tahseen Bin Taj said.


ProxyLogon exploits used one day after patch

The group has used multiple attack vectors in Internet-exposed web applications to breach its targets’ networks, including remote code execution vulnerabilities in Microsoft SharePoint, the Oracle Opera hotel management software, and the Microsoft Exchange security flaws known as ProxyLogon.

After breaching their victims’ networks, the group deployed custom tools such as a Mimikatz variant, a small tool designed to harvest memory contents (such as credentials) by dumping the Windows LSASS process, and a backdoor known as SparrowDoor only used by FamousSparrow.

“FamousSparrow is currently the only user of a custom backdoor that we discovered in the investigation and called SparrowDoor. The group also uses two custom versions of Mimikatz,” Bin Taj explained.

“The presence of any of these custom malicious tools could be used to connect incidents to FamousSparrow.”

The espionage group also started targeting Microsoft Exchange servers not patched against the ProxyLogon vulnerabilities in March 2021, one day after Microsoft fixed the bugs.

ESET also shared info on at least ten hacking groups actively abusing these bugs after joining the March Microsoft Exchange attack frenzy.

According to reports from other security firms, in-the-wild exploitation began on January 3rd, way before the bugs were even reported to…
