
Booking.com customers targeted in escalating cyberattacks as holiday season approaches

Written by Fri 1 Dec 2023

As the festive season nears, Booking.com has witnessed an increase in cyberattacks. Hackers are intensifying their efforts against the platform, which caters to a vast customer base from the UK, Indonesia, Singapore, Greece, Italy, Portugal, the US, and the Netherlands.

The methods employed by these cybercriminals involve deceptive strategies to manipulate Booking.com’s customers and gain administrative control over hotels listed on the platform.

Notably, there has been an alarming trend of advertisements on dark web forums, where login details of hotels on Booking.com are being traded for sums of up to £1,600 ($2,020). This has been taking place since at least last March.

Researchers at cybersecurity company Secureworks have uncovered the sophisticated tactics used by these hackers. They start by tricking hotel staff into downloading malicious software named Vidar Infostealer, often by masquerading as former guests who claim to have left behind personal items like passports.

Staff are duped into clicking a Google Drive link purportedly containing an image of the passport, but this action instead results in malware being installed on their systems. Once infected, the malware searches for and gains access to the hotel’s Booking.com credentials.

Rafe Pilling, Director of Threat Intelligence for Secureworks Counter Threat Unit, shed light on the effectiveness of these attacks: “The scam is working and it is paying serious dividends. The demand for credentials is likely so popular because it is seeing a high success rate, with emails targeting genuine customers and appearing to come from a trusted source.”

Following the breach, the attackers can access the Booking.com portal, viewing all current room or holiday reservations. They then exploit the official app to contact customers, deceptively convincing them to redirect their payments to the attackers rather than the hotels.

Andy Ward, VP International for Absolute Software, stressed the importance of robust security measures: “Especially as we enter the holiday period, resilient Zero Trust is essential for organisations to maintain visibility and, crucially, control over their networks. Cybercriminals often target the weakest point, such as an unaware customer or a third-party supplier, to gain entry and move laterally across the network to cause a major breach.”

A Booking.com spokesperson acknowledged the severity of these attacks: “While this breach was not on Booking.com, we understand the seriousness for those impacted, which is why our teams work diligently to support our partners in securing their systems as quickly as possible and helping any potentially impacted customers accordingly, including with recovering any lost funds.”

Shiran Guez, Information Security Senior Manager at Akamai, added a note on vigilance: “We all have to be constantly vigilant of phishing attacks. This sophisticated scam works, but so do the much simpler scams. Phishing campaigns of this caliber don’t come around every day. But cybercriminals are always developing new tactics to prey on unsuspecting victims.”

The surge in cyberattacks against Booking.com and its partner hotels highlights the increasing sophistication of cybercriminal tactics and underscores the urgent need for continuous monitoring and advanced cybersecurity strategies, especially during peak seasons.
