Modern hackers have developed a knack for striking in industries that are not necessarily obvious targets for cybercrime. Government, finance and health care, for instance, are well-known as high-profile targets due to their wealth of national intelligence, trade tips and personally identifiable information, respectively.
But cybercriminals aren't just interested in top-secret records and insider-trading tips. One of the newest hotbeds for hacker activity is hotels, and in the past few months, the industry has been hit hard.
Customer credit cards in the cross hairs
The first announcement of a hotel data breach in a recent string was made in September, when security specialists suggested that multiple credit card fraud incidents could be traced back to the Hilton Hotel. According to independent reporter and cybersecurity researcher Brian Krebs, five different banks were able to pinpoint a common thread between the events. All of the affected credit cards had been used at one of the following Hilton properties: Doubletree, Embassy Suites, Hampton Inn and Suites, and the Waldorf Astoria Hotels & Resorts. The breach is known to have affected guests from April 21, 2015, to July 27, 2015, but Krebs noted that the incidents may have actually begun as early as November 2014.
Less than a month later, the Trump Hotel collection told customers and the press that it had been the victim of a year-long cyberattack. It noted in the announcement that any guests who paid at the hotels with a credit card between the dates of May 19, 2014, and June 2, 2015, may have been affected. Finally, in the most recent case of cyber-deja vu, the Hyatt informed guests just before Christmas that some of its properties fell prey to point-of-sale malware, believed to have lived in the system between Aug.13, 2015, and Dec. 8, 2015. They stated that the cases of fraud mainly affected cards that had been used at restaurants, adding that a small percentage of cards were used at other hotel amenities, including parking, golf shops and front desks.
All of these incidents share two very glaring commonalities. Firstly, the hackers were after credit card data. Secondly, and more significantly, it took months before the malware was first identified in the hotel systems. The latter aspect in particular highlights the growing need for comprehensive detective defenses in the hospitality industry.
Managed SIEM catches threats early
As hackers become sneakier, and as malware becomes more sophisticated and harder to detect, organizations that have been blind-sided by cyberattackers will need to explore new ways to catch cyberthreats early. One method that has shown some success for enterprises is the use of security information and event management.
Unlike traditional preventative cybersecurity, SIEM services serve as eyes in the network, perpetually monitoring for unusual or suspicious activity that could be a sign of cybercrime. This helps organizations ensure that if hackers somehow manage to slip through the cracks, they can be swiftly caught in the act and dealt with.
If there was one caveat to traditional SIEM software, it was that it could take as long as six months to a year for deployment. However, by switching to a cloud-based model, SIEM services can now be deployed with relative ease, and at a cost that midsize businesses can afford.
With managed SIEM, organizations get more than software. They get mine-sweeping for enterprise networks that is operated and managed by cybersecurity specialists.
Given the difficult-to-detect nature of malware currently in rotation in major hotel chains, this exactly the type of detective capability that may be called for.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM services.