Of late, hotels, hotels, hospitality and tourism companies are falling prey to a new targeted cybercrime malware campaign called dubbed 'RevengeHotels.' Security researchers at Kaspersky have warned that this particular malware campaign is primarily located in Brazil. So far, this campaign has targeted more than 20 hotels in different countries like Brazil, Spain, Thailand, Turkey, Portugal, Mexico, Italy, France, Costa Rica, Chile, Bolivia and Argentina. Let's see what RevengeHotels attack is all about.
RevengeHotels is the type of a coordinated malware campaign against hotels. The attack involves targeting hotel front desks worldwide. The primary goal here is to steal credit card data from guests stored in hotel systems. It also targets online travel agencies and steals credit card data received from companies like Booking.com. According to Kaspersky study, majority of the victims are associated with the hospitality sector.
The research shows victims in the number of countries. From RevengeHotels campaign, the following is the number of victims per country, depending on data derived from a malicious Bit.ly link.
The main channel to spread RevengeHotels malware campaign is email with malicious Word, PDF or Excel documents attached. Although the group has been active since 2015, the number of attacks increased only this year. Researchers also tracked two hacking groups targeting the hospitality sector. Both the groups used separate but similar infrastructure, tools and techniques, named Revenge Hotels and ProCC, respectively.
In addition to using social engineering techniques, these groups sell credentials from the affected system, further enabling other hackers to have remote access to hotel front desks already infected by the existing campaign.
"We monitored the activities of these groups and the new malware they are creating for over a year. With a high degree of confidence, we can confirm that at least two distinct groups are focused on attacking this sector; there is also a third group, though it is unclear if its focus is solely on this sector or if carries out other types of attacks," Kaspersky said in its blog post.
RevengeHotels campaign reveals different groups using traditional RAT malware to infect businesses in the hospitality sector. RevengeHotels technique uses spear-phishing emails, malicious documents and RAT malware.