Trustwave SpiderLabs 2023 Threat Landscape in the Hospitality Sector

Keypoints

• Major cybersecurity vendors publish comprehensive annual reports structured into sections like executive summaries, threat trend analyses, attack methodologies, threat actor profiles, and mitigation strategies, providing an in-depth view of the cybersecurity landscape.
• These reports include key statistics such as the approximately 31% of hospitality organizations experiencing data breaches, with an average breach cost of $3.4 million, indicating ongoing vulnerabilities in the industry.
• Notable trends identified include the rise of generative AI and Large Language Models (LLMs), which while offering benefits like enhanced guest service, also pose risks such as sophisticated phishing, data privacy concerns, and targeted social engineering attacks.
• Attack techniques continue to evolve, with threat actors exploiting contactless technologies, insecure networks, and supply chain vulnerabilities; common tactics involve phishing, malware deployment (e.g., infostealers, ransomware), and credential theft.
• Recurring themes emphasize the importance of proactive threat hunting, robust security controls, and continuous staff training to address insider threats, patch management issues, and the expanding attack surface due to technological innovations.
• Key threat groups such as LockBit, Black Basta, and BlackShadow have demonstrated persistent activity, employing tactics like email-borne malware, BEC scams, and vulnerability exploitation across industries, including hospitality.
• These reports underscore the significance of targeted mitigation efforts, including evaluating AI security risks, securing IoT and contactless systems, and maintaining vigilant monitoring of network exposures.