Cyberint Travel Threat Landscape Report 2025

This report analyzes the evolving cybersecurity threat landscape facing the travel and tour operations industry from 2023 to 2025, highlighting major attacks such as DDoS disruptions, cloud storage breaches, phishing campaigns, and supply chain exploits. It also outlines Cyberint’s solutions and recommendations for enhancing defenses through continuous threat intelligence and attack surface monitoring. #Rhysida #FancyBear #LockBit #ALPHV #ScatteredSpider #Cyberint

Key points

  • The annual cybersecurity report is structured into sections including an Executive Summary, detailed Cyber Incidents, Trend Predictions, Cyberint solutions, Conclusions and Recommendations, and an Appendix with lists of TTPs and IOCs.
  • The Executive Summary provides an overview of cyber events affecting the travel sector, highlighting significant attacks and tools used by threat actors.
  • Cyber Incidents detail specific attacks such as DDoS disruption of booking systems, data breaches from exposed AWS buckets, state-sponsored intrusions by Fancy Bear, ransomware by Rhysida affiliates, and credential theft through phishing.
  • The Top 10 Most Critical TTPs section lists key attacker techniques such as Valid Accounts (T1078), Exploit Public-Facing Application (T1190), Phishing (T1566), Process Injection (T1055), and Data Encryption for Impact (T1486).
  • Trend Predictions emphasize a surge in AI-enhanced DDoS attacks during peak travel, increasing data breaches from misconfigured cloud storage, sophisticated phishing exploiting employee credentials, and supply chain attacks via vulnerable third-party vendors.
  • Cyberint solutions focus on Attack Surface Monitoring to detect exposed assets, Threat Intelligence Monitoring for phishing and supply chain risks, and Dedicated Analyst Services to tailor defenses and interpret intelligence.
  • Conclusions stress the critical need for real-time external threat intelligence and proactive defense strategies in the travel industry, given its time-sensitive and customer-facing nature.
  • Recommendations include deploying cloud-based DDoS protections, continuous monitoring for cloud misconfigurations, AI-powered phishing defense, vendor ecosystem surveillance, and IOC blocking to mitigate emergent threats effectively.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
