Kaspersky's Global Research and Analysis Team (GReAT) has discovered a new wave of attacks by revengeHotels, also known as TA558, which conducted cyber attacks on hotels, aimed at accessing customers' payment information.
Although hotels in Brazil are the main targets of the TA558 group, the group's cyberattacks have also expanded to Spanish-speaking countries, including Argentina, Bolivia, Chile, Costa Rica, Mexico and Spain. Previously, another campaign by the same group of hackers was spotted targeting users in Russia, Belarus, Turkey, Malaysia, Italy and Egypt.
In terms of method, attacks are carried out through fraudulent emails sent to hotel staff, then they download malware to the hotel's system, where thieves can access customers' payment data and other sensitive information.
Analysis of these cyber attacks shows that they contain code that can be generated by AI, making them more sophisticated and difficult to detect, says Kasperskys security expert Lisandro Ubiedo. For hotel guests, this means a higher risk of having their cards and personal data stolen, even if you trust reputable hotels.
To ensure safety, experts have made recommendations:
- Even if your email seems secure, be careful with the links and attachments. To protect the company, use certified cybersecurity solutions, to improve real-time protection capabilities, threat display capabilities, investigation and response...
- Cybercriminals often distribute fake emails, impersonate email notifications from online stores or banks, luring users to click on malicious links and distribute malware. If attackers target your organization specifically, email content can be customized more, imitating familiar services or situations with your company. Therefore, fine-tune the anti- Junk file setting and absolutely do not open attachments from unidentified senders.
- Do not open strange messages sent in large numbers, because they can be blackmail software or even spyware...
