Group items tagged

Theft of data by hackers remains the major threat to Hospitality Industry. Usually, hackers attack hotel point of sale for obtaining personal information. But now days hotel owners should be aware of ransomware which is becoming more popular among hackers as it provides the hacker an immediate return.

Saudi Arabias national oil company, Aramco, was attacked by a computer virus, Shamoon, and it is suspected that an insider or employee assisted the hackers. The virus spread through the network and infected about 30,000 PC business computers and wiped their hardrives. This is one of the worst attacks against a single business. The hackers who claimed responsibility, The Cutting Sword of Justice, were politically motived. The companies more important documents including plant operating networks were not affected by the virus because they were on a separate and higher security network. Recently, other Middle Eastern natural gas firms with relations to Saudi Arabia have been hit by cyber attacks. Because the Aramco hackers admitted their motives against the Saudi Arabian government income sources, I think that all the cyber attacks may be politically motivated. As a Middle Eastern oil company with relations to Saudi Arabia, this is a major indication to take precautionary measures and increase network security. This attack demonstrates that no matter how much security you have in place, if an insider is willing to assist hackers or provide hackers with necessary information, you are no longer protected. It would seem imperative that employees with this access are chosen carefully or network access is very limited.

Restaurants have always been an easy target for cyber security hackers, in particular, hackers who are looking for credit card and ID information. Restaurants provide hackers with a "wealth of client data" due to the high "volume of credit card transactions and CRM data available." Once given access, a hacker could simple install malware and duplicate all customer information. Already facing critical financial issues during Covid 19, restaurants large and small need to take a stronger presence in the protection of their data. If discovered to be the start of a breach, customers will tend to avoid that business. "Chipotle, for example...got devalued by about $400 million after they suffered a breach," and many small restaurants "go belly up six months after an attack." Below is a summary of the types of attachs restaurants face: 1. Unprotected Wifi 2. Social engineering and phishing attacks. This is actually the one that stood out to me the most because of how sophisticated these attacks can be. It is a reminder that we are all at risk, both the technologically challenged and gifted. 3. Malware 4. Covid 19 Scams 5. Grub hub scams 6. Supply chain scams *A particular issue for restaurants and commercial businesses right now as companies scramble to find new vendors who can supply them with the products they require. 7. Public Health scams 8. Government Stimulus scams 9. Technical support scams How can we fight against these? Here are the recommendations: 1. PCI compliance 2. Hire and IT security professional to conduct a risk analysis and if possible, keep on as a consultant or full time 3. Keep a secure network and change free passwords daily 4. Use the latest operating systems, force multi-factor authentication, strong passwords, and use encryption services for data storage and transfers 5. Install and use robust web-filters and security software programs 6. Maybe most important!!! Train your employees. 5.

This article talks about how there is a serious concern in the hotel industry when it comes to credit card and identity theft. They talk about how all the major brands in the hotel industry were all victims of highly publicized, major breaches in the last year alone. Also, including airline and banks, hotels maintain a wealthy amount of database of personal and financial data. For example, with new technology systems being created, POS systems are a weak security point for many networks because they are constantly in use and are not always updated or even protected from vulnerabilities. The article talks about personal details for hotel guests are frequently stored in a variety of locations including restaurants, facilities, and government buildings, so hackers have a greater possibility to access your personal information. The bigger hotels are in more danger because of the volume of guests that come in and out of the location. Smaller hotels should be concerned not just about their security but also by ransomware, an increasingly favorable tactic to extort hoteliers by hackers who encrypt the hotels data making it inaccessible until ransom is paid for. I believe hotels need a toolbelt of various securtiy technologies that can be used to prevent future malicious attacks. I think by managing and implementing a firewall is essential which helps get rid of dangerous traffic from coming onto the network and preventing sensitive data from being hacked.

MOD 10: This article discusses the main tactics of cyber hackers that target hotels. Point of sale (POS) systems are easy targets for hackers due to their constant use during operation hours and because of that their security measures aren't always up to date. Hotels have large data banks since they're storing consumer profile information such as home addresses, phone numbers and credit card numbers. There's a large risk when it comes to security breaches within franchises because they have access to their parent company's regional, national and global systems. If their systems are hacked and breached, then that puts the whole system of the brand at risk. Security breaches within a system can also damage a brands reputation with the public. According to the article, "Recent major breaches at Fortune 500 companies and household names across the retail, restaurant and hotel sectors demonstrate that anti-virus, anti-malware and firewalls alone are not enough to secure businesses from the ever-evolving threat landscape." Smaller properties are even at a greater risk because not only do they have to monitor their compliance with PCI but also monitoring their security systems for their database and PMS system. Some of the recommended software's that should be used by hotels looking to be proactive with their company's cyber security is File Integrity Monitoring(FIM), Unified Threat Management(UTM), and Security Information and Event Management(SIEM).

This article explores the different tactics hotels should use after a cyber attack. The article mentions several different type of attacks such as Phishing when hackers trick customers into giving up their login credentials. Ransomware, when hackers encrypt data making it unusable and inaccessible for the hotel. Not one solution but rather companies should be equipped with a series of technologies from firewalls to file monitoring programs. Some of these technologies, like SIEM requires an intelligent IT team to have the capabilities of analyzing and monitoring the reports produced. This may be more difficult for smaller businesses to implement and maintain.

According to the article, two Romanian nationals have plead guilty for participating in an international, multimillion-dollar scheme to remotely hack into and steal payment card data from hundreds of U.S. merchants' computers, including a great number of Subway restaurants. The reality is that anyone with an Internet connection can search for, identify and target remote applications that businesses rely on. This case is a warning to operators utilizing POS systems to shore up their security by taking steps to make their accounts more difficult to breach and therefore less attractive hackers.

This article discusses the security issues with restaurants using remote desktop applications that are easily accessed by hackers trying to steal stored credit card information. The relative simplicity in which these hackers were able to steal the numbers should pose a real concern for restaurant owners in making sure their systems are properly secure from theft. They were able to crack simple password protected applications to gain access to private information. These remote applications used by restaurants are a not provided with enough security and therefore are easy targets for hackers.

Almost everyone has recently heard of Cody Brocious and his gadget that was implemented and utilized to unlock guest room doors in Onity locking systems. This issue has been recently broadcasted all over the news and has gained the awareness of millions of people, making travelers panic when staying in hotels, and questioning their safety and security. The truth is, behind the issue at hand, travelers have been utilizing hotels and other establishments without being concerned or conscious of their safety, and with some negligence, and lack of attention, they put themselves at risk in numerous different ways. Although Brocious' invention gained the attention of the public, and although he went out of his way to be sure that other hackers out there knew how to replicate the system and how to utilize it to their advantage, enabling hackers to enter guest rooms and steal their personal belongings without their permission, or potentially cause physical harm to a traveler as well. Stated in this article, according to Forbes, the gadget that Brocious invented has proven inconsistent in its effectiveness. That is not to say that it could not eventually be improved, but with the changing in technology, and now the gained awareness, hotels are focusing more intently on ensuring guest security through their technological outlets. Technology affects many aspects of a hotel guest's security - from internet access to credit card information, along with guest room locks and personal identity. The article also suggests numerous ideas for how guests can avoid a lot of problems with their safety in mind, including using secondary security systems on their door, ensuring closure of the room door when leaving he room, as well as never keeping your room number written down with your key. The article also focuses on how utilizing your energy to ensure that your belongings are safe in your room as you would in your own home, is energy more well spent than being concerned about someone

The hotel is a perfect place for hackers to attack because they have easy access to retrieve thousands of guest information including credit card information, billing addresses, and much more personal information. Nicholas Percoco, senior vice president of Trustwave's SpiderLabs, mentioned that the credit card and debit card information is the most in demand by hackers because it is easiest to turn into cash quickly. There are three main steps in a typical data breach and how attackers mostly operate at each level: initial entry, data harvesting, and exfiltration. Close to half of these attacks occur via remote access applications, of which 90 percent exploit default or weak passwords. Around 42 percent of attacks occurred via third-party connections; 6 percent via SQL injection; 4 percent via exposed services; and 2 percent via remote file inclusion attacks. Interestingly, less than 1 percent began with an email Trojan. As an IT manager of the hotel, it is crucial to recognize how serious the consequences are for the hotel should the data not be protected well. 

Hey all, here is an article I found that talks about hackers taking over the hospitality industry. It mentions how hackers main objective is to gain access to debit accounts and gain access to customer cash. Also, hackers are also able to infiltrate POS systems along with other valuable technology with in the hospitality industry. Nearly half of these attacks occur via remote access applications, of which 90 percent exploit default or weak passwords, according to the report. Around 42 percent of attacks occurred via third-party connections; 6 percent, SQL injection; 4 percent, exposed services; and 2 percent, remote file inclusion attacks. Interestingly, less than 1 percent began with an email Trojan.

hackers are EVERYWHERE!

In the article, "Hotel Lock Firm's Security Fix Requires Hardware Changes For Millions Of Keycard Locks," it talks about how Onity has a plan to fix a security flaw that allows hackers to insert a homemade device into the lock and open the door in a matter of second. The only problem with this new plan is that it requires hardware changes to every affected lock and it even might require it customers to pay for it. "Black Hat security conference by Cody Brocious, a Mozilla developer who showed that he was able to insert a device he built for less than $50 into the data port on the underside of Onity's locks, read their memory to find a decryption key, and use it to gain access to the lock's firmware and trigger its open command in a matter of seconds." It seems crazy that hackers can break in so easily, so maybe this expensive security could be worth it in the long run. The company responded with two different parts, first, it's issuing caps that cover the data port Brocious's hack exploited and the second more substantial: Onity will offer its customers new circuit boards and firmware that ostensibly fix the problems. Before reading this article I had no idea that it was so easy for hackers to get into hotel rooms, this really makes you think twice before you decide which hotel you will be staying at!

The hardware of hotel is the locker. This article showed us there is a new key card locker was discovered by Onity's. It is more security but it need to change all the affected lock. It is a lock built for less than $50 into the data port on the underside of the Onity's locks. The company's response to that epic security bug has two parts-a quick fix, and a more rigorous one, both of which it plans to make available by the end of August: First, it's issuing caps that cover the data port Brocious's hack exploited, which can only be removed by opening the lock's case. To further stymie hackers who would try to open the locks and remove that cap, it's also sending customers new, more obscure Torx screws to replace those on the cases of installed locks.The company's response to that epic security bug has two parts-a quick fix, and a more rigorous one, both of which it plans to make available by the end of August: First, it's issuing caps that cover the data port Brocious's hack exploited, which can only be removed by opening the lock's case. To further stymie hackers who would try to open the locks and remove that cap, it's also sending customers new, more obscure Torx screws to replace those on the cases of installed locks. The safe issue became the most important issue of the new products. It will cost more money of each hotel and it is really safe or not is still a question. 

The article discusses five issues that hotel operations are facing, and how to decrease these issues in regards to data thieves. The first security issue discussed is "Remote Access", the article states "Many hotel operators and franchisors use remote management applications (RMAs)". This enable easy access to manage multiple locations downloads; conduct sales polls, and other systems within multiple companies. A advices to remote control issues are to change vendor default settings, in which you can create unique user IDs and complex passwords. Another advice is to "Configure the RMA", in which users are only allowed to connect to known MAC/IP. I personally don't think that creating a unique ID or account password may solve this issue, but allowing connection capability to a set IP/MAC is a wise intake. Although being able to just connect to a set MAC, will cause a limit on where and when you connect. The second security issue is "Network Security", many transaction volumes are being exposed, brand recognition as well; and that attract hackers. In order to reduce this problem, it is suggested that companies need to install and maintain a fire wall at all time. I agree with this other suggestion which is to Use outside resources to help identify new security vulnerabilities. This is great, because a company will be able to receive an outside outlook in regards to security. The last three issues that are on this list are: Password Management, Wireless Security, and Incident Response Plan. Overall it's evident that any system that has a password requirement is causing a major attraction towards security thieves. The suggestions within this article are great, but from my observation; many companies will have to put in time to track and monitor their systems. Systems can't allow to be left open without monitoring, and the internet is a lead way to all this, so any system that requires the internet must be monitored, and protected.

Technology enables service. That's the idea, anyway. In the hotel industry, thousands of companies worldwide provide hundreds of software applications to help hotels and hotel companies manage operations to provide better guest service. However, the hospitality industry continues to find itself targeted for damaging data compromise events by hackers. There are some good ways to decrease the attack of hackers. For example, Remote Access, many hotel operators and franchisors use remote management applications (RMAs).  Their ease of use in managing multiple locations makes them ideally suited to disseminate business downloads, conduct sales polls or survey inventory. RMAs are often packaged from vendors with default or blank passwords. Creating unique user IDs and complex passwords can reduce the risk of data compromise and help facilitate compliance with the Payment Card Industry Data Security Standards (PCI DSS). Another example is about Network Security, transaction volume, brand recognition and the potential for sensitive data retention are all factors that make hotels (particularly franchise networks) juicy targets for hackers seeking to exploit insecure networks via the Internet. The hotel can install and maintain a firewall at all times.  Disabling a firewall can put a business at heightened risk of Internet attacks and potential system compromise.

1. IT The hot-button issue within the realm of hotel-information technology is mobile and cloud technology.A company could have tens of thousands of smartphones or laptops in the field at any given point-each a potential gateway to hackers and other criminals. To the problem the core principle is to provide end-to-end data protection with looking at cost and benefit and how it's supports the business. 2. Terrorism Ironically, one of the main reasons terrorism tops the list is because it has become less of an issue in recent years.Hoteliers need to keep their staffs and travelers mindful of possible threats, but they don't want to scare them. 3. Skimmers A related threat is that of "skimmers," or devices that catch credit card numbers when consumers use them for payment.The best prevention measure is to have an investigative team or third party on hand and making that known to employees. 4. Liability and insurance fraud These two related issues can double, triple, quadruple and quintuple corporate insurance premiums in the blink of an eye. The advisement is hoteliers to educate themselves on the issue, consulting with an attorney, if necessary. 5. Security as taboo "Security" still is something of a taboo in the global hotel industry.Hoteliers need to do a better job of "turning on the light" by talking about security openly and regularly at staff and association meetings, and hotel executives should insist their GMs make security a priority

1. ITAccording to the article, most mobile devices that are used for business are unprotected. Meaning that the devices if the device even have a password and if it does the password is not very complex. There could be thousands of employees accessing company information via the cloud through unprotected smart phones or other mobile devices. This could organizations at risk to hackers and other criminals  2.  TerrorismAlthough terrorist threats are less of a concern nowadays, that does not mean hotel managers should discontinue stressing the importance of security within their establishments. Keeping employees aware and diligent can prove to be a delicate assignment but it is a necessary of part of maintaining a safe work environment in the twenty-first century. 3.  SkimmersSkimmers are devices that steal credit card numbers when consumers use them for payment. Unfortunately, it is most commonly an employee on the inside who is committing the crime.  A third party investigation team will be needed to prove who is stealing from the establishment.  4. Liability and Insurance FraudCombined, these two issues could sky rocket a company's insurance costs through the roof. It is crucial that hoteliers be aware of the legal system and educates themselves on issues concerning liability. Both patrons and employees alike could potentially file claims against an establishment and entitlements can quickly get out of hand.    5.  SecurityDespite the best security measures, there is always the possibility of unforeseen danger. This fear of the unknown is a concern for hotel workers. To confront this fear of the unknown managers must regularly and openly discuss security with employees.  Security should be held as a top priority. 

This article discusses five main concerns brought on by the current state of hotel security. I must say that some of this information surprised me. Something that especially surprised me was learning that mobile devices that are used for business hardly use passwords. The article states, "Amplifying the problem is the sheer number of devices, he added. A company could have tens of thousands of smartphones or laptops in the field at any given point-each a potential gateway to hackers and other criminals." This piece of information is very unsettling to me. How could such valuable information not be protected? The article suggests the solution to this problem is PCI DSS. Terrorism as number two on this list also surprised me because that is not something that would first come to mind for me. The article states that it is ironically on the list for becoming less of an issue. I suppose this reminds hoteliers to never let their guard down when it comes to issues of safety and security within the hotel. However, "skimmers" and liability on this list does not really surprise me. The article suggests that hoteliers be educated about these issues to protect the hotel against them.

Due to the vulnerability of some POS systems, hackers have made the example of SAP whose POS system does not authenticate or check any internal commands, meaning if an hacker is able to get into their POS system they can change prices, add discounts and even disable the check out systems. Even though they have made the example out of SAP, it is said that this vulnerability is across almost all POS systems. One reason that this is happening is because many companies that run their POS system off the internet are not updating their programs, such as the windows, the internet explorer or the POS system itself. Today companies are very aware of the measures they must take to ensure their POS systems are safe as many breaches have happened causing many people to have their personal data stolen, therefore due to the efforts POS system breaches have been decreasing over the recent years.

Cloud computing has created a very hacking prone storage system because companies have not been paying as much attention to security as they should. Thus, by not taking the logical measures such as not uploading credentials to cloud storage systems, they are becoming prone to hacker raids. However, with the turning of the tide, new methods of security have presented themselves in the form of online tools such as HashiCorp's Vault Microsoft's Azure Key Vault, and Amazon's AWS Secrets Manager, which stores sensitive credentials in very limited access windows, as well as UpGaurd's BreachSight which detects online data leaks containing exposed and volatile client data, and Amazon's Amazon Macie, which learns the access patterns of your cloud storage,

This article is about the wireless networks within hotels today and how there are many hackers that are breaking into the hotels networks. It discusses how hackers target hotel networks more than any other destination in previous years, and that what is even worse is that the hotels that have been hacked didn't have any knowledge of the hacking that has been done for more or less than 160 days. This article also gives insight of some of the possible things to do to prevent hacking from happening.  I feel that this article although it is 3 years dated, is of great importance to most hospitality industry businesses. There is much information that is stored and transported through many networks that can cause a company to loose everything they have worked for if put into the wrong hands. 

From what I research from the article, VLAN as a local area network itself actually is quite secure cause the fake IP address means a private one.  And it is already encrypted. But the hackers had imitate the hotel's main server. As for the technology developing, it seems like the more secure the system make, the smarter the hacker would be. 

This article introduced how hotels improve their network to enhance security. To reduce the potential for stealing by theft and hacker, the W Dallas Hotel set up virtual local area networks. Compared with relatively rundimentary hub technology and encryption for Wi-Fi, the biggest advantage of this VLANs is to inhibit attackers from using computer to imitate the hotel'smain server. I think increaing a hotel network's security is very necessary, still, people should pay more attention to this and improve the techonology to make sure the security of all aspects.

Several different hotel chains have fallen victim to hackers who have stolen the personal information of their guests therefore Hyatt is taking matters into their own hands. The hotel chain is offering a bug bounty program via HackerOne which will reward ethical hackers with monetary compensation for reporting flaws in their network and programs. They will then take the information that these hackers provide them with & work to strengthen the weaknesses in their cyber security.

This article points out that hotels are still a huge target for hackers. Hotels need to make sure they reduce the temptation on standalone point solutions. Hotels should focus on having a security framework that stops data from moving outside of he country. To limit hacking as well, hotels should not store information locally. It was surprising to read that 74% of hotels lacked breach protection.

On August 17th, 2012 Forbes Magazine wrote about Onity's security breach with hotels room doors that affected over 4 million hotel rooms across the globe. During a security conference, Cody Brocious, a program developer showed how simply he could insert a device into the data port to access hotel rooms. The cost of this device cost him $50 to build. The company responded to the security issues with a two part resolution. To avoid hackers from accessing the data so easily, Onity will be issuing the hotels new caps that will cover the data case on the doors. Onity is also protecting the equipment with obscure torx screws that will enable the hackers from accessing the panel. The second fix is more costly and challenging for Onity. The company has created a new circuit board and firmware that allegedly fix the security issue. However, Onity is asking hotel owners to pay a nominal fee to help with the fix. Onity could face many financial hurtle through the recall of the 4 million door locks that need to be replaced. The security and safety of many travelers are at risk if this issue is not resolved. Companies such as Marriott International, Starwood Hotels and Hilton utilize Onity's key system across the globe (http://en.onity.com/companyprofile/Pages/Hotel-Resort-Worldwide-References.aspx). These companies won't be affected by the cost associated with the fix; however the small and independently owned and operated hotels will be affected. The question Brocious wrote on his blog and I also ask myself; how many hotels will refrain from properly fixing the issue? Are the major corporations such as Marriott and Starwood given each hotel a deadline to complete such project? Since neither company owns the properly, they simply operate the hotel, how much money and how quickly are owner willing to get this issue resolved?

As technology advances so do hackers and criminals. Hotels are placing more cameras in public areas to keep their guests safer. Because cameras are becoming much more popular they are easier to attain and cheaper for hotels to have more than one. Another form of security hotels have been using is key systems. You can track what key and who it was that entered into any room. But hotels are even taking it farther where the guests must use their key in the elevator to get to their floor. All of these steps are in place for the safety and security of the hotel guests. But we still need to be careful as hackers and criminals are coming up with new ways to get hotel stayers. They have even gotten creative enough to make their own Wi-Fi to get guests information. Security teams and hackers will always be neck in neck for who is ahead of the game.

This article describes the vulnerabilities in the security systems of the hotel Industry. The POS system was recognized as one of the most vulnerable areas that are more targeted by hackers. This is due to the multiple stations where the POS systems are located on the premises of the hotel. Likewise having POS systems independent of the hotels security system left the system open to hackers. Two options to defending the cyber-defense, are digital walls and employee training. Digital walls works by keeping hackers from accessing the systems. Although even with a strong firewall it is recommended to implement point-to-point encryption (P2PE), this encrypts payment information of guest. the other is tokenization. This uses alphanumeric pseudonym to protect data stored for long periods of time. Another way to prevent cyberattacks is employee training, encourage the use of strong passwords an dhow to detect fraud and phishing attacks.

An example of a cyber attack or ransomware, in a manufacturer. Shows some effects of a ransomware and what a consumer may experience.