The Hospitality industry has always strived to stay ahead with technology – expanding its reach across borders with advanced IT infrastructure to manage a seamless and efficient experience for holidaymakers, businesspeople, and regular travelers alike. Relying on technology for almost all administrative needs in accommodation raises crucial security concerns about the data safety of guests.
The InterContinental Hotel Group (IHG), the hospitality giant which manages some of the world’s leading hotel chains, came under scrutiny in early September when a cyberattack halted business operations and prevented people from making bookings on their websites. At the time, the IHG admitted that parts of the company’s technology systems had been subject to “unauthorized activity” but now there’s been an update to the situation as a Vietnamese couple is claiming to have been the artists behind the attack.
Holiday Inn Hotel Cyber Security Incident
The hospitality conglomerate, InterContinental Hotel Group (IHG) manages 17 of the world's largest hotel chains – including the Regent, Crowne Plaza, Holiday Inn, and Candlewood Suites, to name just a few. IHG boasts the running of 6,028 hotels with 882,897 rooms in more than 100 different countries. The company confirmed that the Holiday Inn Hotel subsidiary of IHG was hit by a cyber-attack and in a statement released by the IHG, they reported “that parts of the company’s technology systems have been subject to unauthorized activity.”
While the IHG did not say in the press release that there was any loss of client data, the systems for “booking channels and other applications have been significantly disrupted.” Attempts to book a room online through the IHG Kimpton and Holiday Inn websites were unsuccessful according to Forbes. IHG maintains that they are working to fully restore all systems as soon as possible and to assess the nature, extent, and impact of the incident.
Holiday Hotel Hacking Pair Confesses
The couple - going by the name “TeaPot” - reached out to the BBC through a telegram to admit to the crime and attached screenshots showcasing that they had gained access to the company's internal Outlook emails, Microsoft Teams chats, and server directories - which IHG confirmed were all authentic. The duo admits to trying to orchestrate a ransomware attack against the hotel conglomerate but is being foiled in their attempts.
"Our attack was originally planned to be ransomware but the company's IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead," one of the hackers shared with the BBC.
While most cyberattacks are designed to leverage data for monetary gain, a wiper malware is entirely destructive – erasing all data and preventing any options for recovery. An expert at the BBC described the couple as “vindictive” as the decision to simply destroy the data displayed a spiteful impulse after not being able to achieve their initial goal.
The couple gained access to the IHG network through a phishing scheme - tricking an employee into downloading a malicious piece of software through an email attachment, then accessing the database quite easily. "The username and password to the vault were available to all employees, so 200,000 staff could see,” the couple explained to the BBC, “the password was extremely weak.”
The password in question - “Qwerty1234”, is one of the most used passwords on the internet. However, an IHG spokesperson still disputes that the password vault details were compromising and insists that the attackers had to pacify "multiple layers of security" – without giving any details about what exactly those security measures were.
The couple does not feel remorse for the cyberattack, citing that the minimum wage in Vietnam is $300 per month and that they were sure the hack “won't hurt the company a lot."
In a press release, the IHG maintains that “by Wednesday 7 September IHG had re-activated its booking websites and mobile app together with most of its other booking channels and revenue-generating systems.” The holiday hotel group assured that they have also “reported the criminal activity to law enforcement.”
However, that may not be the end of the repercussions of this cyberattack for the IHG corporation.
Lawsuit Filed Against IHG
A group of hotel franchisees based in Louisiana and three other US states have since filed a lawsuit against IHG Hotels and Resorts - claiming that the early September cyberattack cost them millions of dollars in lost revenue.
Mayur Patel and a group of other hotel owners filed the class-action lawsuit against IHG in a US District Court in Atlanta on the 15th of September. Mr. Patel remains that in addition to the compensation, the hotels require an explanation from the industry giant about what data was exposed and demands that executives take responsibility for the company’s lacking cybersecurity.
“The Data Breach was the inevitable result of IHG’s inadequate data security measures and lackadaisical approach to network security. Despite the well-publicized and ever-growing threat of cyberattacks, particularly in the hospitality industry, IHG refused to implement certain best practices, failed to upgrade critical security systems, ignored warnings about the vulnerability of its computer network and disregarded and/or violated applicable industry standards,” the lawsuit determined.
Laura Lee Blake, the president and chief executive of the Asian American Hotel Owners Association - which represents around 20,000 hotel owners in the US - added that the IHG “should be able to share the minimum information so the hotel owners aren’t left in the dark for days on end as they are trying to address the very livelihood of their business.” She announced that her association’s members responded to a survey about the attack and have estimated losses of between $30,000 and $75,000 each.
The need for advanced cybersecurity had never been higher with the risks of ransomware attacks and data loss having such far-reaching and debilitating consequences. Investment in world-class cybersecurity has become an imperative rather than a luxury.
Cyberattacks on the Rise
The hospitality colossus is not new to the cruelty of cyber-attacks - finding malware in their systems in April of 2016. The attack affected 1,200 of its hotels in the United States who were victims of a three-month-long cyber-attack that compromised the card data of guests and saw the IHG settling to a $1.5 million class action lawsuit in 2020. More recently, the Lockbit ransomware gang claimed last month that it had stolen data from the Holiday Inn branch in Istanbul.
Recent strings of ransomware attacks have pushed the general public and corporations to reconsider their cyber security needs this year. Several public sector organizations in the United States suffered attacks in June and there has been a noticeable rise in ransomware attacks all across Asia. The trend of ransomware attacks this year has escalated noticeably.
Notable 2022 Ransomware Attacks
Nvidia, the world’s largest semiconductor chip company, was compromised by a cyber-attack in February of 2022. The California-based company confirmed that the threat actor had started leaking employee credentials and proprietary information online. Lapsus$ - a hacking gang, took responsibility for the attack and claimed they had access to 1TB of crucial company data then demanded a $1 million ransom and a percentage of an unspecified fee from Nvidia. Lapsus$ also claimed the credit in January for the ransomware attack on Impresa - which is Portugal’s largest media conglomerate.
Another devastating ransomware attack affected the entire country of Costa Rica. The Conti Ransomware Attack halted the economy of the Central American country - affecting several branches of government and the public sector at large. A national state of emergency was declared on May 8th by the president.
Likewise, the media giant Nikkei Group’s Singapore-based headquarters was the victim of a ransomware attack in May of 2022. When unauthorized access to their internal server was noticed, the company discovered the breach and stated that it was likely that customer data has been affected.
Back within the hospitality industry, DataBreaches reported that Marriott Hotels had been hit by the third cyberattack in four years in July. The cybercriminals gained access to 20GB of data - including credit card information and internal company documents.
Hotel industries are targeted by cyber-criminals due to the vulnerability of guest information and inadequate cybersecurity in place. A blog post adds that hotels are frequent targets of data breaches due to online bookings and the processing of numerous credit card payments – making their IT systems an attractive weakness. Hospitality corporations may come under even more severe ransomware attacks due to this vulnerability.
People let their guard down when traveling and rely on their lodging for dependable and secure services, therefore it should be the responsibility of hotel industries to deploy stringent cybersecurity measures to assure guests that their personal information will never be compromised. This is where Sangfor Technologies shines – offering state-of-the-art protection from all types of malware.
Sangfor’s Cybersecurity Solutions
Sangfor offers the only complete and holistic security measure to prevent and mitigate ransomware attacks in real time. Integrating key products and services within Sangfor ensures advanced and automated security features to safeguard your company’s and your guest’s data.
- The Sangfor Cyber Command (NDR) Platform monitors for malware, residual security events, and future potential compromises in your network and is coupled with Threat Intelligence and an enhanced AI algorithm to keep you updated with any vulnerabilities in the system and any threats detected.
- While Sangfor’s Next Generation Firewall (NGFW) is used in conjunction with Endpoint Security to identify malicious files at both the network level and endpoints.
- Then the advanced Sangfor Anti-Ransomware provides an innovative strategy that successfully mitigates ransomware attacks by breaking every step in the kill chain – providing encompassing protection and using Sangfor’s Engine Zero with multi-stage AI analysis capabilities to detect anomalies.
- Moreover, Sangfor’s Disaster Recovery Management provides a full range of disaster recovery solutions to make the continuity of their business a pivotal point despite any cyber-attack trying to halt operations.
- Finally, the Sangfor Incident Response is focused on locating and eradicating threats while implementing active disaster recovery and providing tailored analysis to help safeguard your company from future cyber-attacks.
Sangfor understands how damaging the failure of cybersecurity measures can be and how important client and company data safety is. This is why Sangfor prides itself in providing the best cybersecurity and most advanced computing technology available today. For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.