The Hotel Hijackers. The Hotel Hijackers 1



Similar documents
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

PANDALABS REPORT Q January - March 2015

2012 NORTON CYBERCRIME REPORT

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

A Case for Managed Security

Are You A Sitting Duck?

Your Customers Want Secure Access

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

Internet threats: steps to security for your small business

Presented by: Islanders Bank

I ve been breached! Now what?

Global Network and Application Security Testing Market An Overview of Emerging Trends and Growth Opportunities For Test Solution Vendors

Practical guide for secure Christmas shopping. Navid

Cyber Security Trends Market trends from leading security analysts and consultants at TÜV Rheinland, OpenSky, and OpenSky UK

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY

Presented By: Corporate Security Information Security Treasury Management

ABOUT LAVASOFT. Contact. Lavasoft Product Sheet: Ad-Aware Free Antivirus+

What Every Business Should Know About PCI Compliance

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

Surviving the Ever Changing Threat Landscape

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

Reducing the Threat Window

Point of Sale Security: What Every Merchant Should Know

Safety precautions for Internet banking or shopping How to avoid identity theft online

ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR

NATIONAL CYBER SECURITY AWARENESS MONTH

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

EUROPEAN MOBILE INSIGHTS 2012 NORTON CYBERCRIME REPORT APRIL 2013

Evaluating DMARC Effectiveness for the Financial Services Industry

$22k. Payment Card Data Breaches: What You Need to Know About Your Risk and Liability. First Data Market Insight

Advanced Persistent. From FUD to Facts. A Websense Brief By Patrick Murray, Senior Director of Product Management

The Impact of Cybercrime on Business

Trust the Innovator to Simplify Cloud Security

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Background. Executive Summary

IT Security Community

How To Prevent Cybercrime

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

The Advanced Cyber Attack Landscape

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Visa CREDIT Card General Guidelines

How-To Guide: Cyber Security. Content Provided by

Data Security. So many businesses leave their data exposed, That doesn t mean you have to Computerbilities, Inc.

IDENTITY PROTECTION MEMBER. Protect Your Identity. Security of Personal Information is Our Top Priority

RETHINKING ORC: NRF S CYBER SECURITY EFFORTS. OMG Cross Domain Threat & Risk Information Exchange Day, March 23, 2015

CYBER SECURITY THREAT REPORT Q1

Making Sense of Cyber Insurance: A Guide for SMEs

Power your small business with cloud and mobile

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Online Cash Manager Security Guide

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

V ISA SECURITY ALERT 13 November 2015

[WEB HOSTING SECURITY 2014] Crucial Cloud Hosting. Crucial Research

Protecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11

General Security Best Practices

TLP WHITE. Denial of service attacks: what you need to know

2012 Bit9 Cyber Security Research Report

Top Cyber Threats Of 2009

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

relating to household s disposable income. A Gini Coefficient of zero indicates

10 Quick Tips to Mobile Security

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost

Symptoms of a Data Breach in Your Business

The Hidden Dangers of Public WiFi

TMCEC CYBER SECURITY TRAINING

Don t Fall Victim to Cybercrime:

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

The Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016

Security Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud.

7 Simple Smartphone Privacy Tips:

Intel vpro and Information Security. Itai Yarom Senior Technical Lead LAN Access Division Intel Israel

RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information

National Cyber Security Month 2015: Daily Security Awareness Tips

STATEMENT OF DELARA DERAKHSHANI CONSUMERS UNION BEFORE THE UNITED STATES SENATE COMMITTEE ON THE JUDICIARY

Client Education. Learn About Identity Theft

Cybersecurity Awareness. Part 1

PCI Compliance: Protection Against Data Breaches

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

Attack Intelligence Research Center Monthly Threat Report MalWeb Continues to Make Waves on Legitimate Sites

The Cancer Running Through IT Cybercrime and Information Security

ONLINE AND MOBILE BANKING, YOUR RISKS COVERED

Open an attachment and bring down your network?

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

Retail/Consumer Client. Internet Banking Awareness and Education Program

Medical Information Breaches: Are Your Records Safe?

DID YOU KNOW THAT... Javelin Strategy and Research projects a 78% increase in the U.S. shopper volume by % of owners of Webenabled

1 8 Security PredictionS

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

INDUSTRY OVERVIEW: FINANCIAL

Combating a new generation of cybercriminal with in-depth security monitoring

Evaluating the Perceptions of People towards Online Security

Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS

Anti-exploit tools: The next wave of enterprise security

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Exercise 39. The Euro. At the end of this exercise you will:

Securing Endpoints without a Security Expert

Transcription:

The Hotel Hijackers The Hotel Hijackers 1

The Hotel Hijackers Why hotels? After all these years we ve been in the computer security business, there is one thing we know for sure: a cyber-criminal s main motivation is always money. That s why the hackers use Trojans to get the confidential data: the always-multiplying, information-stealing bugs that infect our computers and devices. One example of this is CryptoLocker, a popular attack that uses ransomware to encrypt important information then forces the victim to pay a ransom to get it back. Hackers see hotels as juicy business. When a phisher considers a hotel, they are thinking of how they can fish from the millions of rooms, used by millions of customers, which generates millions of dollars. From booking a room to the payments made at shops and restaurants, hotel chains have complex networks that save enormous amounts of sensitive and private data, just waiting to be compromised. If you stayed at a hotel recently, you might want to double-check your credit card statements Over time, we ve witnessed both the classic malware and the new attacks that are devised specifically for each victim, and how companies are dealing with these attacks. Most recently, these cyber-criminals have been going after hotel chains. The Hotel Hijackers 2

A promised history 2015 set a new milestone in this sector. By 2015, most of the hotels, regardless of size, have been victims of cyber-crimes. Cyber-criminals also have their eyes set on companies that provide services for the hotels. White Lodging White Lodging manages a number of wellknown hotels like the Hilton, Marriott, Hyatt, Sheraton, and Westin hotels. Although they are more of a hotel management company than a hotel chain, they were still victims of a big cyber-attack that was made public in 2014. In 2013, customer credit card and debit card information was compromised from fourteen of their hotels. Two years later, they suffered another attack, this time hitting ten hotels (some of them were also victims of the previous attack). The hackers came back for more: stealing data from credit cards like customer names, numbers, security codes, and expiration dates. According to White Lodging, this attack was different from the first one in 2013. Mandarin Oriental The luxurious Mandarin Oriental was attacked in March 2015. Malware infected POS (Point-of- Sale) terminals from some of the group s hotels in Europe and America. The malware was specially designed and directed towards these type of machine systems, allowing them to steal credit card information. Thousands of credit cards compromised 24 hotels affected The Hotel Hijackers 3

Trump Hotels They were attacked in seven of their establishments from May 2014 to June 2015. As they acknowledged, customer credit card data was stolen from infected POS terminals and computers at their restaurants, gift shops and other businesses. Just one year was enough for the criminals to get tons of confidential information. Dozens of infected computers and POS terminals Hard Rock Las Vegas An attack infected some of the POS terminals from their restaurants, bars and shops. But it didn t affect any devices in the hotel or casino. Over the span of seven months, from September 2014 to April 2015, the Hard Rock Las Vegas faced attacks leading to a total of 173,000 stolen cards from their restaurants, bars and shops. But they weren t the only hotel/casino affected. FireKeepers Casino Hotel, in Battle Creek, was another victim of 2015. 173,000 stolen cards Hilton Worldwide In November 2015, Hilton Worldwide issued a press release acknowledging that they were victims of a cyber-attack. They didn t give very much information about what happened but it is known that customers complete credit card information was compromised. Fortunately, PIN and other personal information codes were untouched. Access to confidential information The Hotel Hijackers 4

Starwood Hyatt Rosen Hotels & Resorts Around the same time as the previous Hilton attack, Starwood announced they were victims of a similar cyber-attack. 105 hotels in the Starwood chain were attacked (Sheraton, St. Regis, Westin, W, etc.), making it the biggest attack of this kind in the hotel sector at that very moment. They published a list naming the hotels where the malware infected their POS terminals. The Starwood s record was quite short-lived. Then came what we now know as the biggest cyber-attack in hotel history. The Hyatt hotel chain confirmed that a press release resulted in infected point-of-sale terminals from 249 hotels of their hotels in 54 countries. From July to September 2015, their POS terminals -once again- were infected and all customer credit card information was stolen. The most recent victims are the Rosen Hotels & Resorts. While they have not given exact information about the theft, they have confirmed that their point-of-sale terminals were infected with malware from September 2014 until February 2016. Unknown to the hotel chain, the thieves accessed customer credit cards that were used in the Rosen establishments throughout the last year and a half, while their POS systems were infected. 105 hotels affected 249 hotels affected 1.5 years infected without realizing it The Hotel Hijackers 5

This is not a fad We must be alert There is real economic interest behind these attacks and curiosity about remaining unknown. The hotel sector has become one of the main targets for cyber-criminal gangs. Along with motivation, there is malware that is designed specifically to scrape important credit card information from the POS systems, making it clear that these hackers won t be going away anytime soon. This alarming situation not only affects the sector economically, but it endangers their reputation, causes panic among their customers and destabilizes the business. Malware that infects point-of-sale terminals to steal credit card data, and targeted attacks against hotel systems to steal confidential data, are two examples of what can happen during a cyber-attack. These kind of attacks have severe repercussions to a hotel s finances and reputation. Hotels need to reinforce security on their network, devices and systems, and know how to choose the right protection system for their business. Not any protection system will work for this sector, because not all of them offer the same level of security, and not all of them can protect in any digital ecosystem or business environment. The Hotel Hijackers 6

The solution To protect against advanced threats and targeted attacks we need to have a system that guarantees Data Confidentiality, Privacy of Information and Business Reputation, and Legacy. Adaptive Defense 360 is the first and only cyber security service that combines the most effective traditional antivirus and the latest advanced protection with the capability of classifying all executed processes. Adaptive Defensive 360 can detect malware and strange behaviors that other protection services cannot because it classifies all running and executed processes. Thanks to that, it can ensure protection against known malware and advanced Zero-Day Threats, Advanced Persistent Threats and Direct Attacks. With Adaptive Defense 360, you will always know what happens to each of your files and processes. Detailed graphs show everything that takes place on the network: timeline of threats, flow of information, how the active processes behave, how the malware entered the system, where it is going, who intended to do what and how they got that information, etc. Adaptive Defense 360 makes it easy to discover and fix those vulnerabilities while also preventing the unwanted (like navigation bars, adware, add-ons ). Adaptive Defense 360: limitless visibility, absolute control. More info at: pandasecurity.com/enterprise/solutions/ adaptive-defense-360/ The Hotel Hijackers 7

More information at: BENELUX +32 15 45 12 80 belgium@pandasecurity.com HUNGARY +36 1 224 03 16 hungary@pandasecurity.com SPAIN +34 900 90 70 80 comercialpanda@pandasecurity.com BRAZIL +55 11 3054-1722 brazil@pandasecurity.com ITALY +39 02 24 20 22 08 italy@pandasecurity.com SUECIA (FINLAND & DENMARK) +46 0850 553 200 sweden@pandasecurity.com FRANCE +33 (0) 1 46842 000 commercial@fr.pandasecurity.com MEXICO +52 55 8000 2381 mexico@pandasecurity.com SWITZERLAND +41 22 994 89 40 info@ch.pandasecurity.com GERMANY (& AUSTRIA) +49 (0) 2065 961-0 sales@de.pandasecurity.com NORWAY +47 93 409 300 norway@pandasecurity.com UNITED KINGDOM +44 (0) 844 335 3791 sales@uk.pandasecurity.com GREECE +30 211 18 09 000 greece@pandasecurity.com PORTUGAL +351 210 414 400 geral@pt.pandasecurity.com USA (& CANADA) +1 877 263 3881 sales@us.pandasecurity.com The Hotel Hijackers 8

Limitless Visibility, Absolute Control

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information