Fraudsters attack Booking.com customers after hacking hotels


London, Dec 3 (IANS): Cybersecurity researchers have warned people about a new scam targeting Booking.com customers, in which hackers post advertisements on the Dark Web asking for help finding victims. The hackers are targeting accommodation listed on the platform in order to impersonate staff members.

The scam, investigated by cyber-security firm Secureworks, involved deployment of the Vidar infostealer to steal a hotel's Booking.com credentials.

Access to the Booking.com management portal allows the threat actor to see upcoming bookings and directly message guests, according to cybersecurity firm Secureworks.

Booking.com has not been hacked but hackers have devised ways to get into the administration portals of individual hotels which use the service.

Hackers are offering $30 to $2,000 per valid log with additional incentives for regular suppliers.

According to reports, hackers appear to be making so much money in their attacks that they are now offering to pay thousands to criminals who share access to hotel portals.

A Booking.com spokesperson said that the company is aware that some of its accommodation partners are being targeted by hackers "using a host of known cyber-fraud tactics", reports the BBC.

Secureworks incident responders noted that the threat actor initiated contact by emailing a member of the hotel's operations staff.

“The sender claimed to be a former guest who had lost an identification document (ID), and they requested the recipient's assistance in finding it. The email did not include an attachment or malicious links, and it was likely intended to gain the recipient's trust,” the security team noted.

With no reason to be suspicious, the employee responded to the email and requested additional information to assist the sender.

Later, the threat actor sent another email about the lost ID. The sender identified the document as a passport and stated that they strongly believed they left it at the hotel.

When the recipient clicked the link in the email, a ZIP archive file was downloaded to the computer's desktop.

“Microsoft Defender identified a file within this archive as the Vidar infostealer. Microsoft Defender detected multiple failed execution attempts before the malware finally executed,” the researchers said.

Secureworks researchers analysed the contents of this file and confirmed that it is the Vidar infostealer. This Vidar sample is configured to only steal passwords.

“This activity originally appeared to suggest that Booking.com's systems were compromised. However, the observations by Secureworks incident responders indicate that threat actors likely stole credentials to the admin.booking.com property management portal directly from the properties and used the access to target the properties' customers,” the team said.

 

  
