Hacking Your Holiday: Cyber Criminals Target Tourism

Uploaded on 2018-08-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Imagine if a hacker shut down the baggage handling system of one of the world’s busiest airports. Or took control of a fleet of autonomous delivery trucks and re-routed them to disrupt rush hour traffic in a major metropolis. What if the hacker then demanded a ransom to unlock the digital networks they’d hijacked?

According to the latest State of the Internet report from Akamai, one of the world’s largest providers of computer servers and networks, these scenarios aren’t fantasies of some distant dystopia. They are just around the corner.

Technology continues to evolve with advances in artificial intelligence, automation, biometrics and a rapidly expanding Internet of Things. With this comes an increasing and potentially catastrophic risk of malicious actors bringing digital infrastructure and the societal services that rely on it to a grinding halt.

Even if we’re not quite there yet, there are several worrying trends highlighted in the report that show what cyber security professionals are already confronting.

DDoS for Hire

The first concern relates to an increasing frequency and volume of Distributed Denial of Service (DDoS) attacks, up 16% in the last year. These attacks bombard computers with huge amounts of data. They are used by malicious actors to disrupt and delay networks and make them unavailable to their users.

The most famous DDoS attacks were against Estonia in 2007, shutting down banks, media organisations and government ministries.

Fast forward a decade and the volume of data harnessed in such attacks has increased exponentially. According to the Akamai report, the largest DDoS attack in history was recorded in February this year against a software development company. It involved a data flow of 1.35 terabytes (1,350 gigabytes) per second.

The Southern Cross Cable connecting Australia and New Zealand’s Internet has an estimated overall capacity of greater than 22 Tbps, due in large part to recent upgrades. Such a high-volume attack directed at a single choke point could have a big impact on transcontinental and national internet speeds.

Perhaps even more concerning is that DDoS technologies are being commercialised and sold to cyber criminals on “DDoS-for-hire” websites.

They’re also becoming more sophisticated. Previously seen as a fairly simple way of exploiting internet traffic, the latest DDoS attacks exhibit more novel ways of creating “botnets” (networks of compromised computers) to redirect data flows against a target.

According to the Akamai report, attackers have been paying attention to mitigation efforts and changing the nature of their attacks as they unfold.

Hacking Holidays

Cyber criminals will invariably look for the weakest links. This might be individuals who never update their passwords and use unidentified WiFi networks without due diligence. Or it could be particular commercial sectors that are lagging behind in cyber security standards.

The Akamai report highlights that in the last year organised cyber criminals are increasingly targeting the tourism market.

A staggering 3.9 billion malicious login attempts occurred during the last year against sites belonging to airlines, cruise lines, hotels, online travel, automotive rental and transport organisations.

Finding out who is responsible is a trickier problem. Evidence suggests that exploitation of hotel and travel sites is mostly emanating from Russia and China, and it’s possibly the work of organised cyber criminals targeting tourists for easy gain. But more work needs to be done to map cyber-crime and understand the complex criminal networks that underpin it.

It’s not all Doom and Gloom

While the report warns of larger more destructive DDoS attacks before the end of 2018, it’s not all doom and gloom. The potential for cooperation is also evident.

In April 2018, the Dutch National High Tech Crime Unit and the UK National Crime Agency ran the appropriately named “Operation Power Off”.

This targeted a DDoS-for-hire site that was responsible for somewhere between four and six million DDoS attacks over its lifetime. The successful operation led to arrests and likely criminal prosecutions. These sorts of high level cyber-crime collaborations are growing in frequency and strength.

TimesLive:                Image: Nick Youngson

You Might Also Read: 

DDoS Protection: 14 Unique Ways to Protect Your Organisation:

DDoS Attack? There Is An App For That:

 

« GMail Users Warned Of Vulnerability
Internet of Things For Healthcare »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

Jumpsec

Jumpsec

Jumpsec provides penetration testing, security assessments, social engineering testing, cyber incident response, training and consultancy services.

e-Governance Academy (eGA)

e-Governance Academy (eGA)

eGA is a think tank and consultancy founded for the transfer of knowledge and best practice in e-governance, e-democracy and national cyber security.

Cybersecurity Association of Maryland (CAMI)

Cybersecurity Association of Maryland (CAMI)

CAMI’s mission is to create a global cybersecurity marketplace in Maryland and generate thousands of high-pay jobs through the cybersecurity industry.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

AXA XL

AXA XL

AXA XL is the P&C and Specialty Risk Division of AXA. Professional insurance products include Cyber Insurance.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.

Whistic

Whistic

Whistic is a cloud-based platform that uses a unique approach to address the challenges of third-party risk management.

1898 & Co

1898 & Co

Keep your critical assets secure with a comprehensive portfolio of services from high-level assessments to fully managed security services designed for operational technology applications.

Venustech

Venustech

Venustech is a leading provider of network security products, trusted security management platforms, specialized security services and solutions.

StrongBox IT

StrongBox IT

Strongbox IT provides solutions to secure web applications and infrastructure.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.

Auraya

Auraya

Auraya develops its next generation voice biometric AI to deliver easy-to-use and highly secure speaker recognition and fraud detection capabilities.