A recent influx of attacks on loyalty cards and schemes targeting companies including Hilton, Costa Coffee, British Airways and Tesco highlights it’s not just your passwords or money that cybercriminals are after.
Take, for example, the recent hack on Hilton Worldwide, which saw its systems targeted through payment card-stealing malware. The global hospitality company has confirmed that the malware could potentially steal cardholder names, security codes, payment card numbers and expiry dates.
Or look back to the hack on its loyalty card ‘Hilton HHonors’ last year. Brendan Brothers, a frequent traveler, logged into his Hilton Honors account to find that more than 250,000 points had been stolen. First, thieves had accessed his online account and changed the e-mail address so that he would not receive any correspondence regarding the use and abuse of his rewards. Then they helped themselves to six different Hilton hotel reservations from Atlanta all the way up the Atlantic coast to Stamford, CT, using his points.
- How can a travel company be hacked? i.e. Which methods would cybercriminals most likely use to gain access?
Travel companies can be hacked using similar methods to other organisations. Take, for example, the recent hack on Hilton Worldwide, which saw its systems targeted through payment card-stealing malware. The global hospitality company has confirmed that the malware could potentially steal cardholder names, security codes, payment card numbers and expiry dates.
Or look back to the hack on its loyalty card ‘Hilton HHonors’ last year. Brendan Brothers, a frequent traveller, logged into his Hilton Honors account to find that more than 250,000 points had been stolen. First, thieves had accessed his online account and changed the e-mail address so that he would not receive any correspondence regarding the use and abuse of his rewards. Then they helped themselves to six different Hilton hotel reservations from Atlanta all the way up the Atlantic coast to Stamford, CT, using his points.
- What gain would cybercriminals be looking for by hacking travel companies?
One thing the recent influx of attacks on loyalty cards and schemes targeting companies (including Hilton, Costa Coffee, British Airways and Tesco) has taught us is that it’s not just passwords or money that cybercriminals are after.
The above stories highlight the fact that cyber-attacks are being increasingly used to support traditional crime or fraud. It’s not always the money that hackers are after; many are increasingly realising they can turn a profit by stealing assets many people treat as an afterthought – loyalty rewards. This should remind organisations that protection against cybercriminals includes more than just sensitive personal information.
- Is this a bigger risk now due to the introduction of inflight and hotel Wi-Fi?
Where Wi-Fi is public, there’s certainly a bigger security risk. Even just casually browsing in a hotel cafe or restaurant could put you under threat. If someone is able to capture your log-in details, or other sensitive information, they have the key to unlock your digital life. And it doesn’t have to be the guy at the next table. A typical Wi-Fi router has a range of around 100 metres. So it could just as easily be someone sitting in the cafe over the road, or in the nearby car park.
About Kaspersky Lab: Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.