Eye on Hospitality: Cybercriminals Targeting Restaurants and Hotels – Don’t Be a Victim!

Eye on Hospitality: Cybercriminals Targeting Restaurants and Hotels – Don’t Be a Victim!

By Paul Schlienz

On Tuesday, Aug. 29, the Washington Hospitality Association met with representatives of the Seattle Office of Federal Bureau of Inspection (FBI) and the U.S. Attorney’s Office in Seattle. The reason for this meeting was to alert us of a growing threat to the hospitality industry from cybercriminals.

As with an astonishing amount of cybercrime, this threat likely comes from Eastern Europe. An organization with suspected ties to Eastern European cybercrime gangs, known as FIN7 or the Carbanak Group is believed to be the perpetrator. More than 20 U.S.-based hospitality companies — hotels and restaurants — have been successfully hacked by this group. Among its victims are Baja Fresh, Chipotle and Ruby Tuesday’s.

The suspects operating this criminal enterprise are very sophisticated and difficult to detect.

The first thing you need to know is that this hacking group uses social engineering tactics, including phone calls to employees of the victim companies, to convince victims to activate malware planted in phishing emails.

“There is no patch for gullibility that can protect users from social engineering attacks,” said John Gunn, vice president of communications at VASCO Data Security. “This is typically the first step in these types of attacks, and this will continue to compromise millions of users.”

The attachment, in these phishing emails, will claim the document is encrypted and protected by “Outlook Protect Service” or “Google Documents Protect Service,” depending on the email address that sends the message. In either case, names of genuine antivirus companies appear on the JScript document dropper to create a false sense of security for the user.

If a user is tricked into enabling editing of the document, the document will access the malicious payload through a series of scheduled tasks.

Once your system is infected, the malware targets point of sale networks and steals credit card data. Unfortunately, common anti-virus products often fail to detect the malware.

The Washington Hospitality Association remains in contact with the U.S. Attorney’s Office and the FBI. We will provide more information on this threat as it becomes available. In the meantime, remain vigilant about phishing emails. Do not open attachments from anyone you are not entirely sure of. Also remember that these hackers are so sophisticated and brazen that they will sometimes even make legitimate sounding phone calls to your place of business to follow up on the email and convince you to open the attachment.

Knowledge is power, and only by knowing this threat can you protect yourself from it.

If you have any further questions, contact Paul Schlienz at the Washington Hospitality Association.

Read more
Categories: News Room