Travel and hospitality companies are entering one of the busiest times of the year, with peak seasons like vacations and holidays bringing a surge in traveler activity. Unfortunately, this increase in traffic also attracts cybercriminals, who exploit the high volume of online activity to launch attacks. For travelers, this means being extra cautious with personal information, while travel and hospitality companies must enhance their security measures to protect customer data and maintain trust. Here’s a detailed look at our recent travel and hospitality cybersecurity research into the top 10 hospitality and travel companies and what can be done to stay secure.
Growing Hospitality and Travel Cybersecurity Threats
As travel peaks, cyber threats tend to escalate. Our research confirms that malicious actors often use the increased online traffic during these busy seasons as a cover for their attacks. The data shows a clear correlation between higher traffic volumes and a rise in DDoS attacks.
Key Findings from Our Analysis
We examined the public-facing API security posture of the top 10 travel and hospitality companies using Cequence API Spyder. Our findings reveal several critical issues:
Prevalent Vulnerabilities
- Every company analyzed had serious, public-facing vulnerabilities.
- Four of these companies were responsible for 91% of the serious vulnerabilities, many of which could enable Man-in-the-Middle (MitM) attacks.
Cloud Management Challenges
Companies showed liberal use of multiple hosting providers, ranging from 5 to 21 different providers. This “cloud sprawl” can complicate the management and security of cloud infrastructure.
Unintentionally Public Servers
8 out of 10 companies had public-facing non-production or internal application servers, with one company having over 300 such servers. These servers are sometimes the result of development or QA activity, are often unmonitored, and can be an easy entry point for attackers.
Top Performers and Areas for Improvement
Fewest Vulnerabilities:
- Gold: Skyscanner
- Silver: Kayak
- Bronze: Orbitz
Fewest Public Servers:
- Gold: Tie – Orbitz & Travelocity
- Silver: Kayak
- Bronze: Skyscanner
The Impact of DDoS Attacks
Our data shows that during the winter travel holiday season, starting in October, we typically see a sharp increase in DDoS attacks. November 2023 saw the highest number of DDoS attacks in the travel industry for the entire year, with attacks reaching up to 1.03 Gbps and lasting as long as 7.43 hours.
Cequence API Spyder is a SaaS-based discovery tool that provides an attacker’s view into an organization’s public-facing resources to identify external API hosts, unauthorized hosting providers, and API-specific security issues.
The post Hospitality & Travel Cybersecurity: Protection the During Peak Seasons appeared first on Cequence Security.
*** This is a Security Bloggers Network syndicated blog from Cequence Security authored by Katrina Porter. Read the original post at: https://www.cequence.ai/blog/cq-prime-threat-research/travel-cybersecurity/