technology

Fraudsters attack Booking.com customers after hacking hotels


Cybersecurity researchers have warned people about a new scam that is targeting Booking.com customers by posting advertisements on the Dark Web, asking for help finding victims. Hackers are targeting accommodation listed on the platform to impersonate staff members.

The scam, investigated by cyber-security firm Secureworks, involved deployment of the Vidar infostealer to steal a hotel’s Booking.com credentials.

Elevate Your Tech Prowess with High-Value Skill Courses

Offering College Course Website
MIT MIT Technology Leadership and Innovation Visit
IIM Kozhikode IIMK Advanced Data Science For Managers Visit
Indian School of Business ISB Professional Certificate in Product Management Visit

Access to the Booking.com management portal allows the threat actor to see upcoming bookings and directly message guests, according to cybersecurity firm Secureworks.

Booking.com has not been hacked but hackers have devised ways to get into the administration portals of individual hotels which use the service.

Hackers are offering $30 to $2,000 per valid log with additional incentives for regular suppliers.

According to reports, hackers appear to be making so much money in their attacks that they are now offering to pay thousands to criminals who share access to hotel portals.

Discover the stories of your interest


A Booking.com spokesperson said that the company is aware that some of its accommodation partners are being targeted by hackers “using a host of known cyber-fraud tactics”, reports the BBC.Secureworks incident responders noted that the threat actor initiated contact by emailing a member of the hotel’s operations staff.

Readers Also Like:  Weird and wonderful Welsh fossils reveal marine life from 462,000,000 years ago

“The sender claimed to be a former guest who had lost an identification document (ID), and they requested the recipient’s assistance in finding it. The email did not include an attachment or malicious links, and it was likely intended to gain the recipient’s trust,” the security team noted.

With no reason to be suspicious, the employee responded to the email and requested additional information to assist the sender.

Later, the threat actor sent another email about the lost ID. The sender identified the document as a passport and stated that they strongly believed they left it at the hotel.

When the recipient clicked the link in the email, a ZIP archive file was downloaded to the computer’s desktop.

“Microsoft Defender identified a file within this archive as the Vidar infostealer. Microsoft Defender detected multiple failed execution attempts before the malware finally executed,” the researchers informed.

Secureworks researchers analysed the contents of this file and confirmed that it is the Vidar infostealer. This Vidar sample is configured to only steal passwords.

“This activity originally appeared to suggest that Booking.com’s systems were compromised. However, the observations by Secureworks incident responders indicate that threat actors likely stole credentials to the admin.booking. com property management portal directly from the properties and used the access to target the properties’ customers,” the team said.

–IANS

na/dpb

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.