Cybercriminals Capitalizing on Resurgence in Travel

Multiple cybercrime groups have been spotted selling stolen credentials and other sensitive personal information pilfered from travel-related websites.

Much in the same way that cybercriminals followed the fervor around the pandemic, they now are doing the same with the travel boom, creating various scams that aim to take advantage of travel organizations, airlines, and individuals going on vacation.
Since the start of the year, security firm Intel 471 has tracked several cybercrime groups selling credentials and databases of stolen personal identifiable information (PII) tied to travel-related websites.
People are starting to travel more than they have in the past few years, so there is increased attention and heightened traffic online, Intel 471 researcher Greg Otto explains. Cybercriminals love operating in areas where a lot of people are congregating and trying to spend money ASAP.
The methods of malicious actors have evolved because of the concentration on PII: From reservations to rewards programs to security checks, these organizations collect a wide array of PII, he says.
He points to one threat actor that was specifically targeting individuals with at least 100,000 miles in their mileage rewards accounts. Other actors are seeking help in gathering additional information to perpetrate travel fraud schemes, offering up their own slate of PII as incentive.
Financially motivated cybercriminals have realized how much value lies in the data that travel companies and organizations collect, which is why they have moved to target organizations in the travel, aviation, and hospitality industry, he says. If that PII is not protected, its going to be targeted.
While ransomware-as-a-service (RaaS) does not appear to pose an acute threat to the global travel industry so far, an
Intel 471 blog post
outlined the threat RaaS has posed to regional airlines, including low-cost Indian
airline SpiceJet
and an unnamed Thai airline.
What can organizations do to deter cybercriminals from targeting their systems? Have written security policies and procedures tailored to your specific organization, Otto says, and craft expectations for protection of data, including the confidentiality of data, and set limits of permissible data access and use for employees.
Be aware of social engineering scams, have a robust passwords policy for employees and users, and patch vulnerabilities when applicable, he says.
Meanwhile, Intel 471 also noted activity around pro-Russia hacktivist groups, namely an actor joining KillNet, which has conducted attacks against targets in Romania and other countries providing support to Ukraine.
Threat actors are using their position within the government agencies to facilitate illegal border crossings for Ukrainian males aged 18 to 60.
“Accomplices used to facilitate the activity allegedly would transfer a person seeking to cross the Moldova-Ukraine border and bypass official checkpoints,” the blog post noted.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Cybercriminals Capitalizing on Resurgence in Travel