Hacking Your Holiday: Cyber Criminals Target Tourism

Uploaded on 2018-08-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Imagine if a hacker shut down the baggage handling system of one of the world’s busiest airports. Or took control of a fleet of autonomous delivery trucks and re-routed them to disrupt rush hour traffic in a major metropolis. What if the hacker then demanded a ransom to unlock the digital networks they’d hijacked?

According to the latest State of the Internet report from Akamai, one of the world’s largest providers of computer servers and networks, these scenarios aren’t fantasies of some distant dystopia. They are just around the corner.

Technology continues to evolve with advances in artificial intelligence, automation, biometrics and a rapidly expanding Internet of Things. With this comes an increasing and potentially catastrophic risk of malicious actors bringing digital infrastructure and the societal services that rely on it to a grinding halt.

Even if we’re not quite there yet, there are several worrying trends highlighted in the report that show what cyber security professionals are already confronting.

DDoS for Hire

The first concern relates to an increasing frequency and volume of Distributed Denial of Service (DDoS) attacks, up 16% in the last year. These attacks bombard computers with huge amounts of data. They are used by malicious actors to disrupt and delay networks and make them unavailable to their users.

The most famous DDoS attacks were against Estonia in 2007, shutting down banks, media organisations and government ministries.

Fast forward a decade and the volume of data harnessed in such attacks has increased exponentially. According to the Akamai report, the largest DDoS attack in history was recorded in February this year against a software development company. It involved a data flow of 1.35 terabytes (1,350 gigabytes) per second.

The Southern Cross Cable connecting Australia and New Zealand’s Internet has an estimated overall capacity of greater than 22 Tbps, due in large part to recent upgrades. Such a high-volume attack directed at a single choke point could have a big impact on transcontinental and national internet speeds.

Perhaps even more concerning is that DDoS technologies are being commercialised and sold to cyber criminals on “DDoS-for-hire” websites.

They’re also becoming more sophisticated. Previously seen as a fairly simple way of exploiting internet traffic, the latest DDoS attacks exhibit more novel ways of creating “botnets” (networks of compromised computers) to redirect data flows against a target.

According to the Akamai report, attackers have been paying attention to mitigation efforts and changing the nature of their attacks as they unfold.

Hacking Holidays

Cyber criminals will invariably look for the weakest links. This might be individuals who never update their passwords and use unidentified WiFi networks without due diligence. Or it could be particular commercial sectors that are lagging behind in cyber security standards.

The Akamai report highlights that in the last year organised cyber criminals are increasingly targeting the tourism market.

A staggering 3.9 billion malicious login attempts occurred during the last year against sites belonging to airlines, cruise lines, hotels, online travel, automotive rental and transport organisations.

Finding out who is responsible is a trickier problem. Evidence suggests that exploitation of hotel and travel sites is mostly emanating from Russia and China, and it’s possibly the work of organised cyber criminals targeting tourists for easy gain. But more work needs to be done to map cyber-crime and understand the complex criminal networks that underpin it.

It’s not all Doom and Gloom

While the report warns of larger more destructive DDoS attacks before the end of 2018, it’s not all doom and gloom. The potential for cooperation is also evident.

In April 2018, the Dutch National High Tech Crime Unit and the UK National Crime Agency ran the appropriately named “Operation Power Off”.

This targeted a DDoS-for-hire site that was responsible for somewhere between four and six million DDoS attacks over its lifetime. The successful operation led to arrests and likely criminal prosecutions. These sorts of high level cyber-crime collaborations are growing in frequency and strength.

TimesLive:                Image: Nick Youngson

You Might Also Read: 

DDoS Protection: 14 Unique Ways to Protect Your Organisation:

DDoS Attack? There Is An App For That:

 

« GMail Users Warned Of Vulnerability
Internet of Things For Healthcare »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Research Institute in Trustworthy Industrial Control Systems (RITICS)

Research Institute in Trustworthy Industrial Control Systems (RITICS)

RITICS is one of three Research Institutes formed as part of the UK National Cyber Security Strategy.

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

CyberCatch

CyberCatch

CyberCatch provides an innovative cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

FortiGuard Labs

FortiGuard Labs

FortiGuard Labs is the threat intelligence and research organization at Fortinet. Its mission is to provide Fortinet customers with the industry’s best threat intelligence.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

Denodo

Denodo

Denodo transforms the way organizations operate by unifying their data assets in real time and making data ubiquitous and secure to all users and business applications.

Baidam Solutions

Baidam Solutions

Baidam Solutions is a 100% Australian owned and operated First Nations information technology business.

Internet Initiative Japan (IIJ)

Internet Initiative Japan (IIJ)

IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc