SA hospitality sector a target for new malware campaign

By Ross Anderson, Sophos Business Unit Manager at Duxbury Networking.
Sophos warns of a new campaign targeting hotels and other operators in the tourism sector with password-stealing malware.

With a market size of more than $1.3 billion, the hospitality industry in South Africa reflects just how popular the country has become as a tourist destination. In 2021, travel and tourism contributed nearly 3.2% to its GDP. This has made hospitality an attractive target for hackers. In light of this, Sophos has warned of a new campaign targeting hotels and other operators in the sector with password-stealing malware.

The social engineering aspect of these attacks is significantly more advanced than what has been encountered before. Hackers initially contact the target with an e-mail that contains nothing but text, on subject matter that service-oriented businesses like hotels, guest houses and restaurants would want to respond to quickly. Once the target responds to the threat actor’s initial e-mail, a follow-up message is sent linking to what the attackers claim are details about their request or complaint.

However, the follow-up message contains either a link to a public cloud storage site such as Google Drive or an attachment, both delivering a compromised password-protected file. Typically, the password will be numerals such as ‘123456’ or something similar. When the attached archived documents (which are the supposed proof of the complaint or request for booking) are opened, the malware is triggered, which then steals passwords from the business.

Generally, the subject matter can be categorised either as complaints about serious issues the sender claims to have experienced in a recent stay, or requests for information to help with a potential future booking. Sophos has dubbed this the ‘inhospitality’ malspam campaign, considering how the sector is committed to customer service.

Because the files are password protected, the cloud services provider is unable to scan them for malicious content. The unpacked files are also larger than the usual malware, making immediate detection even more difficult.
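A mail filter cannot read inside a password-protected archive, but it can still detect that an attachment is encrypted and that the message appears to supply the password. The following triage check is an added example, not code from Sophos or from this article; it assumes the archive is a ZIP attachment and that the numeric password is given in the message body, and the regular expression, verdict names and sample message are constructed for illustration.

```python
import io
import re
import zipfile
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted
# Heuristic (assumption): the body hands over a short all-digit password.
PASSWORD_HINT = re.compile(r"(?i)\bpass(?:word|code)?\b\D{0,20}(\d{4,8})\b")

def encrypted_members(blob):
    """Names of encrypted entries in a ZIP blob; [] if it is not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []

def triage(msg):
    """Return (verdict, encrypted entry names) for one parsed e-mail."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    hint = PASSWORD_HINT.search(text)
    locked = []
    for part in msg.iter_attachments():
        locked += encrypted_members(part.get_payload(decode=True) or b"")
    if locked and hint:
        return "quarantine", locked  # unscannable archive plus its password
    if locked:
        return "review", locked      # unscannable, no password seen in body
    return "pass", []

def sample(body, encrypted):
    """Constructed test message; only flips the flag bit, no real encryption."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("complaint_details.doc", b"placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    msg = EmailMessage()
    msg["Subject"] = "Problem during our stay"
    msg.set_content(body)
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="proof.zip")
    return msg
```

This covers only the attachment variant; archives fetched through a cloud storage link never pass through the mail filter and have to be caught at the endpoint.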

This campaign underscores a critical vulnerability within the hospitality industry – the human element. The attackers' narratives are emotionally charged, designed to get a swift response from staff eager to address guest concerns. Such tactics highlight the sophistication of social engineering techniques used by today's cyber criminals and underscore the necessity for heightened cyber security awareness and training within the hospitality sector.

For the South African market, this threat is a reminder of the global nature of cyber risks. Our hotels, from major chains to boutique establishments, must recognise the importance of cyber security as an integral component of their operational integrity. More than just protecting their data, those businesses must safeguard their reputation in the eyes of both local and international guests.

In response, Sophos South Africa advocates for a comprehensive cyber security strategy that includes regular staff training on recognising and handling suspicious e-mails, comprehensive e-mail filtering systems and advanced malware protection tools. Collaboration with cyber security experts can provide the insights and support necessary to navigate these challenges effectively.

Editorial contacts

Natasha Queiroz
Block 2 Riviera Office Park 66 Oxford Road Riviera 2193
(+27) 011 351 9800
nqueiroz@duxnet.co.za