The increase in the tourism industry after the COVID-19 pandemic gains the attention of cyber-criminals to con tourists.
Researchers are now warning a post-COVID upsurge in travel has targeted the travel industry & has triggered related cyber-crimes.
Criminal activity includes an increase in adversaries targeting the theft of airline mileage reward points, website credentials for travel websites & travel-related databases breaches, states a report by Intel 471.
The impact of the attacks are hacked accounts stripped of value. Also, researchers say the effects of recent attacks can also include flight delays & cancellations as airlines deal with mitigating hacks.
Reward Points Head to Illicit Markets
Since Jan., the researcher at Intel 471 detect multiple hacks used by cyber-criminals to trade the credentials linked to the traveling websites.
The threat players were specifically interested in “mileage rewards accounts with at least 100,000 miles,” according to 471. These accounts are used to earn certain rewards on every dollar that is spent. The account credentials that were listed in Feb. belong to UK-based users from a major traveling website & 2 US-based airlines.
“Access to these accounts allowed actors to use the rewards to book travel reservations for themselves & other customers,” explained researchers. “The accounts & their respective rewards points could be resold to other actors looking to conduct similar types of travel fraud activity,” they added.
The exploitation of rewards-points programs, especially those associated with travel, is hardly new. Researchers have tracked several incidents over the years where hackers have targeted reward points.
In 2018, a pair of Russian teenagers have been arrested for infiltrating more than a half-million online accounts, in particular targeting services that offer rewards points.
Researchers point out that as the travel industry rebounds from a COVID-related slump, the industry is once again a major target for cyber-criminals.
Travel-Related Identity Theft
Other criminal activities include the targeting of travel-related databases – ripe with employee & traveller personal identifiable information (PII) that threat players can sell.
Researchers observed on travel-related hackers using a database of “40,000 people employed in Illinois”.
The stolen database includes PII of employees. Researchers outlined this type of leaked information plays a role in travel-related fraud – allowing an attacker to generate new identities that can be used to either cross boarders or evade authorities.
In one case, Intel 471 researchers, cyber-criminals used PII to create illegal travel documents used for border crossings. “Shortly after the start of the (Russian invasion of Ukraine) war, the actor claimed the insider could facilitate illegal border crossings for Ukrainian males aged 18 to 60” researchers noted.
Some of the traveling bodies including Romania-based Air Traffic Services Administration & Bucharest Airport were targeted by a pro-Russian group of hackers known as KillNet.
“Aviation & transportation entities were among KillNet’s most frequented targets in the 1st half of 2022,” researcher concluded.