Following the recent ransomware attack on MGM Resorts systems it seem cyber attackers are still trying hard to disrupt the luxury hospitality industry. The phishing attack is aims to spread malware that could steal important information.
Earlier this month MGM Resorts suffered a major cyberattack that heavily impacted operations in Las Vegas where the company has nearly 50,000 guest rooms within their many hotels on the famous Strip. The companies websites all went down, customers’ keycards stopped working and even some of the slot machines on the casino floors stopped working.
Ongoing Cyber Threats
This latest threat was discovered by researchers at Cofense Intelligence who published a blog on what they had discovered on Tuesday, 26 September. The phishing emails target email accounts that seem to be linked to reservation teams within luxury hotels and will frame the email as a seemingly legitimate customer query such as reservation changes or information request.
The first email is aimed to check whether the account is active and monitored and upon receiving a response confirming that it is there will then be a follow up message containing some kind of infected URL to well known and well used cloud sharing programmes. Cofense found that 58% of the links they saw were to a Google Drive. An cyber threat intelligence analyst at Cofense stated that this particular campaign is “highly sophisticated”.
The aim of these phishing attempts is to steal employees log in information for programmes that they use within the business that they work for. It was demonstrated how attacks like this can lead to a much more serious event just like the recent MGM incident.
You can read more about this threat on DarkReading.
Value Privacy’s experts are on hand to make sure that you and your company aren’t caught out by new or existing privacy laws.
You can find out more about the services we offer or just get in touch with us directly with any questions you have about how privacy laws impact you.