Researchers are warning that a post-COVID upsurge in travel has painted a bullseye on the travel industry and spurred related cybercrime.
Criminal activity includes an uptick in theft of airline mileage reward points, theft of credentials for travel websites and breaches of travel-related databases, according to a report by Intel 471.
The impact of the attacks is hacked accounts stripped of value. Researchers say the consequences of recent attacks can also include flight delays and cancellations as airlines grapple with mitigating hacks.
Your Reward Points Head to Illicit Markets
Since January, researchers at Intel 471 have detected multiple hacks used by cybercriminals to trade credentials linked to travel websites.
The threat actors were specifically interested in “mileage rewards accounts with at least 100,000 miles,” according to Intel 471. These accounts are used to earn certain rewards on every dollar that is spent. The account credentials that were listed in February belonged to U.K.-based users from a major travel website and two U.S.-based airlines.
“Access to these accounts allowed actors to leverage the rewards to book travel reservations for themselves and other customers,” said researchers. “The accounts and their respective rewards points could be resold to other actors looking to conduct similar types of travel fraud activity,” they added.
The exploitation of rewards-points programs, especially those associated with travel, is not new. Researchers have tracked several incidents over the years where hackers have targeted reward points. In 2018, a pair of Russian teens were arrested for infiltrating more than a half-million online accounts, in particular targeting services that offer rewards points.
Researchers point out that as the travel industry rebounds from a COVID-related slump, the industry is once again a prime target for cybercriminals.
Travel-related Identity Theft
Other criminal activities include the targeting of travel-related databases, which are rife with employee and traveler personally identifiable information (PII) that threat actors can sell for money.
Researchers observed travel-related hackers leveraging a database of “40,000 people employed in Illinois.” The stolen database includes PII of employees. Researchers said this type of leaked information plays a role in travel-related fraud, allowing an attacker to generate new identities that can be used to either cross borders or evade authorities.
In one instance, Intel 471 researchers said, cybercriminals used PII to create illicit travel documents used for border crossings. “Shortly after the start of the (Russian invasion of Ukraine) war, the actor claimed the insider could facilitate illegal border crossings for Ukrainian males aged 18 to 60,” researchers noted.
Some travel bodies, including the Romania-based Air Traffic Services Administration and Bucharest Airport, were targeted by a pro-Russian group of hackers known as KillNet. “Aviation and transportation entities were among KillNet’s most frequented targets in the first half of 2022,” researchers added.
Last month, an attack on the IT systems of SpiceJet airlines left travelers stranded at airports and caused the delay and cancellation of flights.
Protection From the Scams
The researchers suggested that customers stay vigilant while making arrangements, book flights from a trusted source, handle payment cautiously, and avoid being phished through dubious vacation-related offers.