The hospitality industry is being warned of a heightened danger of attack from cyber criminals, as a new type of malware targeted at hotels goes on sale on the black market.
A shift in the focus of cybercriminals has been detected recently, as they target systems that store details of a higher number of credit cards rather than personal online bank accounts.
The latest attack is aimed at the point-of-sale (PoS) systems in hotels, as hotels generally have a limited knowledge of IT and malware, but handle a large number of credit cards on a daily basis.
The latest malware is a remote access Trojan horse (RAT), which is designed to steal customer credit card and billing information from hotel front desk computers.
The malware was discovered by researchers at security firm Trusteer, and was on the black market for $280, or £175.
The RAT has the ability to take screenshots, upload and download files to and from the infected computer, and record keystrokes – making them suitable for a number of operations.
“The strength of RATs is their generic nature – they can be used to attack many different applications in use by many industries,” said Amit Klein, Trusteer’s chief technology officer.
“We’ve seen RATs used against internal applications, banking applications, defence industries,” he added.
The RAT discovered by Trusteer came with an algorithm to prevent it being detected by any antivirus software, meaning it can be delivered to a buyer via email or instant messaging without being detected.
In addition, the malware package also came with instructions on how to trick hotel managers into installing it on a front desk computer.
Trusteer has said that the malware’s focus on hotel PoS systems is typical of cybercriminals these days, who are looking for more lucrative targets than personal bank accounts or consumer machines.
“I think the main reason for this shift, or diversification, is the fact that PoS machines, and some business machines serve as ‘mini repositories’ where information about many victims can be collected at once,” said Mr Klein.
“This is in contrast with consumer machines which typically expose one or two accounts,” he added.
The news is worrying for credit card customers, as there is no way of detecting the Rat on a hotel PoS system. But one way to avoid being the victim of credit card crime is to invest in a prepaid credit card.
These work in much the same way as a credit card but are not tied to a bank account, meaning you only load a specific amount onto the card.