- 28/06/2018
- Posted by: Alistair Ewing
- Category: Infosec
Hotels are an attractive target for criminals for a number of reasons. Trustwave, a cybersecurity firm studied data breaches in 24 countries and discovered that 38% of the breaches occurred at hotels. A number of top hotels such as Trump Hotels, Mandarin Oriental Hotel Group, Hard Rock Café, Starwood, Hilton and Hyatt have all been victim to breaches. Although large hotels have been targeted small hotels could be attractive too. Most breaches go undetected or are not reported creating havoc for the victims and for banks who are the ones liable to take the hit for the losses.
4 Reasons Why Hotels Are Exploited Commonly
- Travellers make more purchases while travelling and take longer to notice anomalies. Business users just don’t mind as much as they won’t take the losses personally.
- The information racked up by hotels about their guests coupled with poor network security mean that the hotel networks are stellar targets for a man in the middle attackers. They can sniff network traffic or hack the hotel booking system finding out the date of birth, passport numbers and other information about guests.
- The hotel environment has many ripe payment terminals for exploits discovered at onsite shops, restaurants and spas. The relaxed demeanour of untrained staff and lax security mean these terminals can be exploited either by strapon devices and other techniques.
- Open WIFI networks and lack of a VPN mean network traffic can be recorded with ease.
What Can You Do?
- Use a VPN such as one by Private Internet Access while travelling.
- Invest in monitoring systems that can detect breaches and perhaps train IT staff in data security.
- Monitor your bank activity using Experian or similar.
- Try a tool such as Rippleshot Siren that provides a unique overview of the status of all your locations, colour-coded by breach severity level, as well as personalised alerts whenever a location’s threat level changes, or otherwise needs your immediate attention.
If you are suspect a breach or are concerned about the security in your hotel then contact a computer forensic expert at Compute Forensics for a free telephone consultation.