Over the past year America’s hotels have had some uninvited guests: a wave of increasingly sophisticated invasions by organized cybercriminals. That’s one finding of a report that a cybersecurity researcher plans to present on February 2 at the Black Hat security conference in Arlington, Virginia.
His data shows a spike in hacking incidents that successfully targeted hotels and resorts, what the researcher describes as relatively unprotected sources of thousands or even millions of credit card account details.
The researcher, who works as a security auditor and data breach investigator for the security firm Trustwave, plans to outline the results of around 1,900 audits and 200 breach investigations that his company performed over the last year. The central anomaly in that data: While only 3% of the audits Trustwave performed proactively for companies were commissioned by the hospitality industry, hotels and resorts were victims in 38% of investigations following successful cybercriminal attacks.
That’s a new phenomenon for Trustwave, whose hospitality breach investigations were “practically nonexistent” in 2008, the researcher said. He argues that rather than searching many industries for vulnerable targets, hackers are increasingly targeting specific sectors whose systems they know to be accessible and lucrative. “The hospitality industry was the flavor of the year for cybercrime,” the researcher said. “These companies have a lot of data, there are easy ways in and the intrusions can take a very long time to detect.”