Hotels, airlines and travel sites battle bot attacks

Attackers in certain countries appear to have a particular focus on breaching organisations operating in the travel sector.
Written by Danny Palmer, Senior Writer

Hotels, airlines, cruises and travel sites are under siege from crooks using fake or stolen account details to try to access accounts.

Hackers have been using stolen or leaked account details to attempt to log into accounts, using botnets to deliver attacks at industrial scale, according to research by Akamai.

Akamai researchers analysed nearly 112 billion bot requests and 3.9 billion malicious login attempts that targeted sites in this industry including airlines, cruise lines and hotels among others. Nearly 40 percent of the traffic seen across hotel and travel sites is classified as "impersonators of known browsers" -- which Akamai described as a known vector for fraud.

Analysis of malicious login attempts by country against the hotel and travel industry by researchers at Akamai found that between November 2017 and March 2018, 650 million attacks came from Russia and 625 million came from China.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Researchers can't be sure why attackers in these regions of the world are so keen on attempting to breach accounts associated with the hospitality sector, but one likely explanation is that hotels and travel sites would be lucrative for organised crime gangs.

"By their nature, companies in the hospitality sector often hosts a lot of personal information," Bernd Konig, director of security products at Akamai Technologies told ZDNet.

"For example, hotels have everything from guest credit card data through to identity documentation that guests might be required under local laws to provide at check in. This is exactly the kind of personal and payment data that would be considered valuable to hackers".

Not only are hotel websites full of personal information which can be used to commit fraud or even make purchases, a lot of them also offer users incentives and point-based reward systems which are open to abuse. These are tempting targets because "they are profitable and hard to track when compromised" said the Akamai State of the Internet report.

As for the source of the information behind the credential abuse attacks, cyber criminal forums and underground marketplaces are a treasure-trove for stolen and leaked login information including usernames and passwords -- often sold at a very low price.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

Combine that with login credential re-use -- users using the same username and password across multiple websites -- and it's easy to see how accounts can be maliciously accessed for illicit profit.

"The hospitality industry is a big target from Russia and China because it's seen as low-hanging fruit that can potentially deliver big rewards. Once data is taken, it can be re-used for fraudulent bank transfers or other types of fraud," said Koenig.

"So it's incumbent on any company working in the hospitality industry to undertake serious due diligence on their data protection strategy," he added.

Hotels in general remain a popular target for attackers, who realise that travellers will be less guarded about connecting to wi-fi hotspots when staying at a destination. Some espionage groups have even used this knowledge in order to conduct phishing attacks for delivering malware to high profile targets.


Editorial standards