Much in the same way that cybercriminals followed the fervor around the pandemic, they now are doing the same with the travel boom, creating various scams that aim to take advantage of travel organizations, airlines, and individuals going on vacation.
Since the start of the year, security firm Intel 471 has tracked several cybercrime groups selling credentials and databases of stolen personal identifiable information (PII) tied to travel-related websites.
"People are starting to travel more than they have in the past few years, so there is increased attention and heightened traffic online," Intel 471 researcher Greg Otto explains. "Cybercriminals love operating in areas where a lot of people are congregating and trying to spend money ASAP."
The methods of malicious actors have evolved because of the concentration on PII: From reservations to rewards programs to security checks, these organizations collect a wide array of PII, he says.
He points to one threat actor that was specifically targeting individuals with at least 100,000 miles in their mileage rewards accounts. Other actors are seeking help in gathering additional information to perpetrate travel fraud schemes, offering up their own slate of PII as incentive.
"Financially motivated cybercriminals have realized how much value lies in the data that travel companies and organizations collect, which is why they have moved to target organizations in the travel, aviation, and hospitality industry," he says. "If that PII is not protected, it's going to be targeted."
While ransomware-as-a-service (RaaS) does not appear to pose an acute threat to the global travel industry so far, an Intel 471 blog post outlined the threat RaaS has posed to regional airlines, including low-cost Indian airline SpiceJet and an unnamed Thai airline.
What to Do About It
What can organizations do to deter cybercriminals from targeting their systems? Have written security policies and procedures tailored to your specific organization, Otto says, and craft expectations for protection of data, including the confidentiality of data, and set limits of permissible data access and use for employees.
"Be aware of social engineering scams, have a robust passwords policy for employees and users, and patch vulnerabilities when applicable," he says.
Meanwhile, Intel 471 also noted activity around pro-Russia hacktivist groups, namely an actor joining KillNet, which has conducted attacks against targets in Romania and other countries providing support to Ukraine.
Threat actors are using their position within the government agencies to facilitate illegal border crossings for Ukrainian males aged 18 to 60.
“Accomplices used to facilitate the activity allegedly would transfer a person seeking to cross the Moldova-Ukraine border and bypass official checkpoints,” the blog post noted.