A sophisticated malspam campaign targeting the global hotel industry has been identified by cybersecurity researchers at Sophos X-Ops, emphasizing the need for heightened cybersecurity measures in the hospitality sector. The attackers employ social engineering tactics, sending emails with complaints about service problems or requests for information, creating an aura of legitimacy before sending links to malicious payloads.
The emails contain links to password-protected archives hosted on public cloud storage platforms, and the passwords, often simple, grant access to malware primarily from the Redline Stealer or Vidar Stealer families. The malspam campaign, discovered just days after a similar campaign targeting users with a fake hotel reservation/booking scam, serves as a reminder of the evolving tactics employed by cybercriminals. In both campaigns, attackers compromised devices using malicious payloads, emphasizing the importance of vigilance in the face of such threats.
The attackers in the recent campaign specifically target hotel representatives, posing a threat to the hotel industry by exploiting emotions, such as sending messages requesting help or accommodation for family members with disabilities. Sophos researchers identified that the attackers are using the same methodology discovered in April 2023. The emails cover a range of subjects categorized into complaints about serious issues during hotel stays and requests for information for future bookings.
The threat actors send links to malware payloads wrapped in password-protected archive files, putting hotel representatives at risk. The campaign underscores the need for the hospitality industry to implement robust cybersecurity measures and stay vigilant against evolving threats to protect sensitive data and guest privacy.
