Safety & Security

Cybercrime in Hospitality Sector Traced to RevengeHotels Campaign

8 Jan, 2020

By: Mary Helen Sprecher

The problem of hotel hactivists – cybercriminals in the hospitality sector – is not unique to the USA. The interesting thing: Research by a company that specializes in fighting cybercrime found the malware attacks on hotels are coming from a campaign called RevengeHotels.

According to an article in, research done by Kaspersky about a years-long attack on the hospitality sector confirmed that more than 20 hotels in Latin America, Europe and Asia have fallen victim to targeted malware attacks. As a result, travelers’ credit card data, including information received from online travel agencies, is at risk of being stolen and sold to cybercriminals worldwide.

The bad guys: The RevengeHotels campaign, comprised of different groups using traditional remote access trojans to infect businesses in the hospitality sector. The campaign has been active since 2015 but has increased its presence in 2019. At least two groups, RevengeHotels and ProCC, were identified to be part of the campaign, but more cybercriminal groups potentially are involved.

Tech-savvy individuals who want to know exactly how the attacks are being carried out can find details here. In short, they tend to infiltrate hotels via e-mail by using attachments in Word, Excel or PDF form. The documents tend to be well-crafted and are written so that the sender appears to be asking for a quote on behalf of what appears to be a government entity or private company wanting to make a reservation for a large number of people – and explaining what it is about the hotel they like.

HotelManagement notes, “Once infected, computers can be accessed remotely, and not just by the cybercriminal group itself. Evidence collected by Kaspersky researchers shows that remote access to hospitality desks and the data they contain is sold on criminal forums on a subscription basis. Malware collects data from hospitality desk clipboards, printer spoolers and captured screenshots. Because hotel personnel often copied clients’ credit card data from online travel agencies in order to charge them, this data also could be compromised.”

Given the fact that up to 500 million hotel guest records were affected by the 2018 Marriott hack alone, it’s not a shock that cybersecurity is one of the chief concerns of travelers today. In fact, Hotel Management notes that more than 22 million U.S. travelers self-report as being the victim of a cyberattack through their business with hotels, according to the Morphisec 2019 Hospitality Guest Threat Index. The index also found 70 percent of travelers don’t believe the hotels they stay at are investing enough in cybersecurity. Almost 50 percent say their trust in a hotel’s cyber defenses influences if they book a stay with them.

Even the U.S. Department of Commerce believes hotels could do far more to protect guests. Following the Marriott breach, U.S. Commerce Secretary Wilbur Ross noted that “many companies have been scrimping on the cybersecurity budget” — both in the hospitality sector and beyond.

And while it’s easy for travelers, both within and outside the U.S. to say they’ll lower their risk by avoiding large chain hotels, Kaspersky says that’s not the solution, either:

“As users grow wary of how protected their data truly is, cybercriminals turn to small businesses, which are often not very well protected from cyberattacks and possess a concentration of personal data,” Dmitry Bestuzhev, head of global research and analysis team for Kaspersky Latin America, said in a statement. 

Independent hotels and small businesses, he noted, were not immune to the problem simply by virtue of the fact that they fly below the radar for many planners. It is incumbent upon all businesses in the hospitality sector to exercise caution and use better security practices.

As it turns out, event owners aren't immune either. According to MediaPost, Special Olympics of New York reports that its e-mail server was hacked prior to the holidays, and that hackers launched a phishing campaign targeting donors. The organization quickly took action, apologizing to its donors and noting the problem had been corrected. 

While nobody wants to become the target of a cyberattack, it is essential to have a plan in place, should one occur. The Federal Trade Commission has provided a detailed action plan, available here.


Subscribe to SDM