Attackers Targeting Luxury Hotels: Examining the MGM and Caesar’s Incidents

Cyberattack on Hospitality Industry Continues with Sophisticated Phishing Campaign

Introduction

The hospitality industry continues to be targeted by cybercriminals, with a new phishing campaign aimed at spreading info-stealing malware. This campaign, discovered by researchers at Cofense Intelligence, utilizes social-engineering tactics similar to those seen in the recent cyberattacks on MGM Grand and Caesars. The attackers leverage reconnaissance emails and instant messages to trick employees at luxury resorts and hotels into responding, ultimately leading to the delivery of phishing messages containing malicious files. This well-thought-out campaign has shown alarming success rates, with a significant increase in activity over the past two months.

Tactics Used by Attackers

The phishing campaign begins by sending an email to luxury hospitality chains and services from what appears to be a legitimate company email address. These initial messages are used to confirm that the target email account is active. If the recipient takes the bait, a follow-up phishing email is sent on the same day. The lures used in these emails are designed to resemble typical booking requests or reservation changes, creating a sense of familiarity for the employees. The emails contain an infection URL hosted on trusted cloud domains, such as Google Drive, Dropbox, or DiscordApp. Victims are directed to download a password-protected archive that contains malicious files.

Researchers found that 58% of the observed links were Google Drive files, while 49% of the archives were .ZIP files. By hosting payloads on trusted cloud platforms and wrapping them in password-protected archives, the threat actors aim to evade email security analysis and secure email gateways. The attackers also deliver the malicious executables as very large files (600 MB to 1 GB), which hampers analysis because most scanning tools cap the size of the files they will inspect.

The Goal: Credential Theft

The main objective of this campaign is to steal employees’ login information for various applications used on corporate systems. In some cases, the attackers may also deliver secondary payloads. The malware families deployed in this campaign include RedLine Stealer, Vidar Stealer, Stealc, Lumma Stealer, and Spidey Bot. Notably, the threat actors behind the RedLine and Vidar stealers have recently been observed pivoting to ransomware attacks using similar delivery tactics. This serves as a reminder of how easily a phishing campaign can escalate into a full-blown ransomware incident, such as the ones that targeted MGM Grand and Caesars.

Cofense did not disclose any known successful attacks resulting from this phishing campaign. However, the high success potential of the campaign is attributed to the fact that the targets are likely not cybersecurity professionals but everyday users with specialized job functions.

Recommendations and Advice

To combat this phishing campaign, a multi-faceted approach is necessary, involving both employee education and technical measures. Organizations should prioritize educating their employees about general phishing concepts and inform them about the existence of malicious campaigns like the one discovered by Cofense. By increasing awareness and promoting good cybersecurity practices, employees can become the first line of defense against phishing attacks.

On the technical front, organizations should consider implementing measures to block downloads from sites being abused by the campaign. This could include blocking downloads from platforms such as Google Drive or DiscordApp if the company does not conduct legitimate business on those sites. Employing secure email gateways equipped with advanced threat detection capabilities can also help detect and block suspicious email content.
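As an added example (not from the article or from Cofense), a gateway-side triage rule in Python that scores an inbound message against the pattern described in the Tactics section and in the blocking advice above: a link-free probe followed the same day by a reservation-themed email linking to an abused cloud platform, serving a password-protected or oversized archive. The host names, the scanner size limit and the sample messages are assumptions; the verdict fails closed on archives the scanner could not inspect instead of waving them through.

```python
import re
from dataclasses import dataclass
# Platforms the article names as abused; the host names are my assumption.
ABUSED_HOSTS = ("drive.google.com", "dropbox.com", "discordapp.com")
LURE_TERMS = ("booking", "reservation", "check-in", "guest")
ARCHIVE_EXTS = (".zip", ".rar", ".7z")
SCAN_LIMIT_BYTES = 100 * 1024 * 1024  # assumed sandbox cap; larger files go unscanned
UNSCANNABLE = {"password-protected archive", "oversized unscanned download"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")

@dataclass
class Message:
    sender: str
    received: str                 # ISO 8601 timestamp, e.g. "2023-09-20T09:00"
    subject: str
    body: str
    download_name: str = ""       # file the link serves, if the gateway fetched it
    download_size: int = 0        # bytes
    password_protected: bool = False

def abused_link(msg):
    hosts = (m.group(1).lower() for m in URL_RE.finditer(msg.body))
    return any(h == d or h.endswith("." + d) for h in hosts for d in ABUSED_HOSTS)

def preceded_by_recon(history, msg):
    # Same sender, same day, earlier, no link: the "is this mailbox alive?" probe.
    return any(h.sender == msg.sender and h.received[:10] == msg.received[:10]
               and h.received < msg.received and not URL_RE.search(h.body)
               for h in history)

def indicators(history, msg):
    text = (msg.subject + " " + msg.body).lower()
    checks = [
        ("link on abused cloud host", abused_link(msg)),
        ("reservation-themed lure", any(t in text for t in LURE_TERMS)),
        ("archive download", msg.download_name.lower().endswith(ARCHIVE_EXTS)),
        ("password-protected archive", msg.password_protected),
        ("oversized unscanned download", msg.download_size > SCAN_LIMIT_BYTES),
        ("follow-up to same-day recon email", preceded_by_recon(history, msg)),
    ]
    return [label for label, hit in checks if hit]

def verdict(history, msg):
    found = indicators(history, msg)
    # Fail closed: an archive the scanner could not inspect is quarantined, not delivered.
    if "archive download" in found and UNSCANNABLE & set(found):
        return "quarantine", found
    if len(found) >= 2:
        return "review", found
    return "deliver", found
```

The `history` argument is the sender's earlier mail for the day; in a real deployment it would come from the gateway's message log rather than a list built in memory.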

Conclusion

The ongoing cyberattacks targeting the hospitality industry serve as a reminder of the persistent and evolving threat landscape. Cybercriminals are employing highly sophisticated tactics, utilizing social engineering and trusted cloud platforms to bypass traditional defenses. The success of these phishing campaigns underscores the need for both individual and organizational vigilance in the face of cyber threats. By combining employee education and technical measures, businesses can bolster their defense against phishing attacks and protect their sensitive data.
