Sasin TipchaiNews

Onslaught of botnets hounds hospitality industry — Akamai

(Image by Sasin Tipchai/Pixabay)

While critical industries such as the financial sector have embraced and invested heavily in information security, the hospitality industry has been left wide open for cybercriminals. Credit card information, membership data, and other credentials have been exposed and abused.

Akamai Technologies Inc. (Akamai), a content delivery network and cloud service provider, released recently the findings of its “Summer 2018 State of the Internet / Security: Web Attack” report, which showed that the hospitality industry has been targeted by botnets attacks primarily due to lax in information security policies.

The analysis was conducted for six months, from November 2017 to April 2018. Major sources of credential abuse for the travel industry came from China, Indonesia, and Russia, which targeted airlines, cruise lines, hotels, and travel websites. Attack traffic origination against the hospitality and travel industry from China and Russia combined was three times the number of attacks originating in the United States.

Almost all bookings and reservations are done online or through apps and the amount of information provided to companies are almost unimaginable.

“There’s a perception that the hospitality industry is not very mature when it comes to security,” explained Fernando Serto, head of Security Technologies and Strategy, APJ of Akamai. “There’s also a perception that they don’t really have big budgets like the banks do.”

Akamai researchers analyzed nearly 112 billion bot requests and 3.9 billion malicious login attempts that targeted sites in the industry including airlines, cruise lines, and hotels, among others. Nearly 40 percent of the traffic seen across hotel and travel sites are classified as “impersonators of known browsers,” which is a known vector for fraud.

Botnet Manager

“From the economic perspective, the hospitality industry harnesses a lot of interest among cybercriminals,” said Gerald Penaflor, Philippines country manager of Akamai. “There are other bots out there that basically hijacks booking sites and you can sell it on retail.”

Bots can cripple the business by reducing competitive advantage, getting between enterprises and their customers, or committing fraud.

“I was looking into the data breaches in the hospitality industry since mid-2016 and seven different brands of hotels had data breaches during that time,” Serto said. “All the major brands that you see had all data breaches in the last year and a half.”

According to Serto, about 80 percent of their customers’ traffic is from bots. One type of bots attack is when someone would try to do an account takeover attack using credentials — email addresses and passwords — from another site. These are content scrapers or people who are like content aggregators who don’t really have a partnership with companies but want to get all the pricing so they would have their own competitive pricing over the others.

“We provide a classification of all the bots,” Serto explained. “We allow customers to choose how they want to handle different types of bots — good bots and bad bots.”

“Companies like us are able to develop certain techniques that allow us to catch what is a bot, what is a good bot or what is a bad bot in order for us to mitigate that,” Penaflor said.

Some businesses pay for the traffic and it would be expensive for them if they also have to pay for the bad bots.

“We have to make sure that we put the right techniques around it just to be sure,” Penaflor said. “We don’t control it a hundred percent but we mitigate it to make sure you still get the good bots.”

Akamai’s Bot Manager provides a flexible framework to manage bot traffic based on the needs of your business — to better engage with customers, improve security posture, and control the traffic coming to website every day.

Serto also shared how 6,000 of their customers were scanned for Drupal’s, a content management system, vulnerability on the first week the exploit was announced.

“When people are doing a reconnaissance across the internet, they are targetting everyone,” he said. “Everyone is a target and then people who don’t really have the right security controls in place, they get breached.”

Smaller organizations have become a gateway for cybercriminals to go through the larger organizations. When they scan smaller enterprises’ websites, they go through the list of who they are dealing with and then they launch an attack. This is called the supply chain attacks.

Akamai’s analysis of current cyber attack trends reveals the importance of maintaining agility not only by security teams but also by developers, network operators and service providers in order to mitigate new threats.


In the section of the report titled “The Rise of Advanced DDoS Attacks Highlights Need for Security Adaptability,” it shows that the simple volumetric DDoS attacks continued to be the most common method used to attack organizations globally, other techniques have continued to appear. For this edition of the report, Akamai researchers identified and tracked advanced techniques that show the influence of intelligent, adaptive enemies who change tactics to overcome the defenses in their way.

One of the attacks in the report came from a group that coordinated their attacks over group chats on STEAM and IRC. Rather than using a botnet of devices infected with malware to follow hacker commands, these attacks were carried out by a group of human volunteers. Another notable attack overwhelmed the target’s DNS server with bursts lasting several minutes instead of using a sustained attack against the target directly. This added to the difficulty of mitigating the attack due to the sensitivity of DNS servers, which allows outside computers to find them on the Internet. The burst system also increased difficulty by fatiguing the defenders over a long period of time.

The “Akamai State of the Internet / Security: Web Attack Report for Summer 2018” combines attack data from across Akamai’s global infrastructure and represents the research of a diverse set of teams throughout the company. The report provides analysis of the current cloud security and threat landscape, as well as insight into attack trends using data gathered from the Akamai Intelligent Platform. The contributors to the State of the Internet / Security Report include security professionals from across Akamai, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.