Phishing, Critical Infrastructure Security, Security Staff Acquisition & Development
Hospitality sector targeted by increasingly advanced phishing attacks
SiliconAngle reports that organizations in the hospitality industry have been subjected to increasingly sophisticated phishing attacks that involved Domain Name System protocol exploitation to evade detection.
Attacks that commenced in June employed a two-pronged approach, with threat actors commencing with intrusions with the delivery of phishing lures to hotel staff to facilitate data exfiltration activities before proceeding with compromising hotel customers' online accounts and stealing their credit card information through malware-laced emails, a report from Akamai Technologies revealed.
Further analysis of the domains used in the campaign showed threat actors' usage of typosquatting and levelsquatting techniques to establish legitimacy for their targets. Most of the DNS traffic was noted by researchers to have originated from Switzerland, Hong Kong, and Canada, and while the campaign was linked to a Russian threat actor based on the leveraged lures, attackers may have only been using Russian brands Yandex and Sberbank to conceal their origins.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds