What 'have a safe trip' means in the digital age

Digital security expert Alastair Paterson explains how to make sure your devices don't get hacked when you travel.

Image credit: iStock
Image credit: iStock

Alastair Paterson is the CEO and co-founder of Digital Shadows

 

Typically, when we wish someone well before they leave on a journey we are referring to their physical safety while in transit. But, increasingly, there’s another consideration – their online security.

Over the past year, compromises of payment card data from point-of-sale (POS) systems, network intrusions against third-party suppliers, and cyber espionage campaigns against visitors using hotel Wi-Fi networks have plagued the travel and hospitality industries.

In the spirit of ‘forewarned is forearmed,’ let’s take a closer look at some of the most notable examples of each of these types of threats and how firms in these industries can mitigate risk.

Point-of-sale (POS) attacks

Those who seek to compromise payment card details use malware to extract this data from POS systems or devices as well as physical skimming devices.

As an example, some groups target companies through ‘spearphishing’ emails containing malicious Microsoft Office documents or malware that moves through compromised networks. 

Network intrusions

The most high-profile network intrusion in the past year involved a compromise of the Sabre Corporation, reportedly affecting at least eight hospitality companies. Through unknown means, the attackers had accessed account credentials that permitted access to payment card data and information for some reservations processed by Sabre’s central reservation system.

This attack demonstrates a trend of third-party supplier attacks, in which financially-motivated criminals impact multiple companies by compromising their supplier to access sensitive or valuable data. 

Wi-Fi network compromise

Hotel Wi-Fi networks have been targeted in an information gathering and cyber espionage campaign against travellers to Europe and the Middle East. Cyber criminals almost certainly choose to target these networks because they are deemed less secure.

In one campaign, spearphishing emails were used to deliver information-harvesting malware to victims. The attackers also purportedly used the EternalBlue exploit, which targets the vulnerable Microsoft Server Message Block (SMB) protocol for movement within target networks.

So what can you do to reduce the risk?

Layer security

  • While the Europay, Mastercard and Visa chip technology have made physical card fraud more difficult, online card spending is on the rise. Consider using 3D Secure as an additional layer of security which has proven to be a real obstacle for criminals and is deployed by Visa and Mastercard.

  • Implement an enterprise password management solution – not only for secure storage and sharing but also strong password creation and diversity to mitigate the risk of credential compromise.

Monitor

  • With the help of Google Alerts or open source web crawlers like Scrapy, monitor for mentions of your company on cardable websites (sites that track those that are susceptible to fraudulent purchases as a result of lax security controls).

Educate

  • Routinely train employees about the risks of spam and spearphishing and how to avoid becoming a victim.
  • Encourage staff to use different passwords for personal and business accounts. Consumer password management tools like 1Password or LastPass can be helpful.

Address vulnerabilities:

  • Patching is an important part of your defence strategy and failing to do so opens the door wide for adversaries. For example, Microsoft has issued a patch for the vulnerabilities exploited by EternalBlue.

As long as payment card details and other proprietary information remain lucrative on criminal forums and marketplaces, the travel and hospitality industry need to remain vigilant.

But with greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travellers.

For more features and breaking news sign up to C&IT Magazine's daily News Tracker.

Have you registered with us yet?

Register now to enjoy more articles
and free email bulletins.

Register now
Already registered?
Sign in
New head of incentive travel for SevenEvents

New head of incentive travel for SevenEvents

Former C&IT A-Lister Heléna Vella has joined SevenEvents to head up the newly-formed incentives team.

Behind the winning entry: Best Use of Technology

Behind the winning entry: Best Use of Technology

SPARK THINKING organised Jaguar Land Rover's Graduate & Apprentice Induction Programme.

Battersea Power Station reveals plans for 'glass elevator' and viewing platform

Battersea Power Station reveals plans for 'glass elevator' and viewing platform

Owners say unique Chimney Lift experience will offer "breathtaking" views across London when it opens in 2021.

Banks Sadler hires new head of business development and senior bid writer

Banks Sadler hires new head of business development and senior bid writer

Agency says the appointment of Sue Darlaston and Jamie Blackall from HRG are 'a brilliant addition to the team'.

Why MICE planners need to think about leisure

Why MICE planners need to think about leisure

A look at how a destination's leisure offering can increase the success of business events.

Behind the winning entry: Events Destination of the Year

Behind the winning entry: Events Destination of the Year

Visit Belfast wowed the judges at this year's C&IT Awards and demonstrated how the city has become a top MICE destination.

Complete the C&IT Corporate Survey for a chance to win a stay in the Cotswolds

Complete the C&IT Corporate Survey for a chance to win a stay in the Cotswolds

Corporate event planners could win a stay at the Lygon Arms by contributing to our first ever State of the Industry Corporate Report.

Hotel review: Signiel Seoul

Hotel review: Signiel Seoul

Five-star glamour high in the sky above the South Korean capital, with impressive facilities for meetings and events.

Head and neck cancer congress going to Brisbane

Head and neck cancer congress going to Brisbane

International Federation of Head and Neck Oncologic Societies event will take place on the east coast of Australia in 2026.

NoMad Las Vegas opens its doors

NoMad Las Vegas opens its doors

Aiming high with a concept of the 'refinement of a European home', NoMad Las Vegas is on the top four floors of Park MGM.

LATEST JOBS