As the headlines of this week remind us all, even the biggest and best protected organisations can fall victim to cyber-attack – the impact and long-term effect of the reputation and profitability of The Guardian Newspaper group remains to be seen. But imagine if the details of the papers whistle-blowers and informants from around the world are revealed.
There is more at stake there than simple economics – but it highlights the serious consequences to all of us when we fall victim to hackers and scammers. And as detailed below, the hospitality and travel industry is no stranger to cyber attacks.
From the middle of 2022 a small but financially motivated cybercrime group – identified as TA558 by Enterprise security firm Proofpoint -began conducting cyber-attacks aimed at hospitality, hotel, and travel organizations in the Americas and Europe. These attacks are ongoing, and they exist simply to install malware on compromised systems.
And how have they been doing it? You’ve guessed it. Through waves of phishing campaigns based around malicious spam messages with reservation-themed lures such as hotel bookings. These messages contain weaponized documents or URLs in a bid to entice unwitting users into installing trojans capable of reconnaissance, data theft, and distribution of follow-on payloads. "The malware used by TA558 can steal data including hotel customer user and credit card data, allow lateral movement, and deliver follow-on payloads," the researchers said. "Activity conducted by this actor could lead to data theft of both corporate and customer data, as well as potential financial losses."
This latest ongoing attack demonstrates why it is essential that you adopt appropriate safeguards to reduce your own risks around data breaches. And there is no better time than now to put your good intentions into action. So read on to find out how you can work with the Eastern Cyber Resilience Centre to start protecting your company from the growing threat posed by cyber criminals.
Non-technical free tools
All of these tools can be found on our website. So come and have a look at the sector specific tools which you could also use or signpost to your customers from education, charities, retail and more.
NCSC Cyber Action Plan - Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication and get a free personalised list of actions that will help you improve your cyber security. This is a great place to start your resilience journey and quickly identify areas that need improvement.
Incident Response Plan - To help you minimize the impact of a cyber-attack we have created a Cyber Incident Response Plan for you to use. Create a plan and then use Exercise in a box to test its effectiveness.
NCSC Exercise in a Box - An online tool which helps organisations test and practice their response to a cyber-attack. It is completely free, and you don’t have to be an expert to use it. It includes two exercises, a technical simulation, and a table-top exercise. You just need to register for an account. If you are not confident of running this aloe, your local cyber protect officer can help you for free (no strings attached). Contact us for more details.
NCSC Board Toolkit - Boards are pivotal in improving the cyber security of their organisations. The Board Toolkit has been designed to help board members get to grips with cyber security and know what questions they should be asking their technical experts.
NCSC Cyber Security Training for Staff - Your staff are your first line of defence against a cyber-attack. The NCSC has developed an e-learning training package ‘Stay Safe Online: Top Tips for Staff’ to help educate your staff on a range of key areas including phishing, using strong passwords, securing your devices, and reporting incidents.
And don’t forget to sign up for our free community membership of the Eastern Cyber Resilience Centre as well or recommend that your customers do. You’ll all receive a monthly newsletter as well as our “Little Steps” emails giving easy to understand guidance about steps you need to implement to achieve Cyber Essentials. You can also access our affordable student services and Cyber Partners along with regularly updated cyber threat assessments.
Technical tools
All of these tools can be found on our website. So come and have a look at the sector specific tools which you could also use or signpost to your customers from education, charities, retail and more.
NCSC Early Warning – receive high level alerts, in daily and weekly summaries, based on your IP and domain names, containing:
Incident notifications suggesting an active compromise of your system. This might be a host on your network being infected with malware.
Network Abuse Events suggesting your assets have been associated with malicious or undesirable activity. This might be a client on your network found scanning the internet.
Vulnerability and Open Port Alerts suggesting vulnerable services running on your network, or undesired applications are exposed to the internet. This might be an exposed Elasticsearch service.
Police CyberAlarm - help your business understand and monitor malicious cyber activity. Police CyberAlarm acts like a "CCTV camera" monitoring the traffic seen by a member's connection to the internet. It detects and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. Vulnerability Scanning can be added and used to scan an organisations website and external IP addresses.
NCSC Logging Made Easy - helps organisations to install a basic logging capability on their IT estate enabling routine end-to-end monitoring of Windows systems. Logging is crucial if you want to detect and catch cyber attackers. LME can:
Tell you about software patch levels on enrolled devices
Show where administrative commands are being run on enrolled devices
See which users are using which machine
In conjunction with threat reports, LME allows you to search for the presence of an attacker in the form of Tools, Techniques and Procedures (TTPs)
NCSC Scanning Made Easy – a collection of NMAP Scripting Engine Scripts, designed to help system owners and administrators find systems with specific vulnerabilities. The script will output simple-to-read results including a description of the vulnerability and a link to the vendor security advisory. Running this script often and following the linked vendor advice will help to keep your network secure.
What Next?
The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.
Whatever you decide to do, doing nothing is no longer an option. Here at the ECRC we are already working closely almost a thousand organisations - SMEs, schools and third sector organisations across the East of England to help them tackle the continually changing cyber threats that they face. So come and join our community as free members and let us help you protect your organisation and your customers from the ever presents threats out there in the cyberverse.
Reporting a live cyber-attack 24/7
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which isn't ongoing
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2