Travel companies need to prepare for an increase in cyber attacks when travel restrictions are lifted, security experts say.
While figures from Arkose Labs show a doubling in the attack rate for retail and travel for the first quarter of 2020, up from 13% of transactions to 26%, this may have been driven by phishing attacks related to refund or voucher claims, as well as to travel companies having to build software rapidly to cater to refund demand.
Although some travel companies, including Booking Holdings, say they are experiencing increased attacks, experts believe that fraudsters, with a lot of time on their hands now, could be coming up with inventive ways to defraud consumers and businesses at a later stage.
Aleksander Kijek, chief product officer of fraud specialist Nethone, says:
“Travel is really down apart from bringing citizens back, so it’s not that right now fraudsters are targeting the travel space. They will be waiting for the moment when the bans are lifted and airlines start business anew because it will be a period of time when airlines are doing everything they can to grow their revenues and work out losses, and that’s the space where fraudsters will be really active.”
Kijek says that while restrictions were being put into place and flights were cancelled, there may have been an increase in fraud, but he believes a percentage of that activity could also be explained by credit card companies attributing chargebacks as fraud.
Although a number of large breaches have come to light recently, including one in late March on Norwegian Cruise Line and a second Marriott International attack, which the hotel brand discovered at the end of the February, experts say these are not always attributable to bad actors.
Patrick Martin, senior threat intelligence analyst for digital risk specialist Skurio, says:
“There are so many types of breaches from data exposed because it’s not secured, even though no one has seen it."
He adds that sometimes, data is left wide open because it's test data, or it's being used temporarily for development. Quite often, Martin says breaches simply come down to “poor security hygiene.”
Working from home
A further area that has hit headlines recently is the potential for fraudsters to access sensitive information via collaborative tools.
Martin says that most companies probably don't have a written policy on working from home with details on how collaboration tools should be used and where employees are allowed to use them.
Experts also cite the potential threat from disgruntled customers who are frustrated about refunds or employees who may have been put on unpaid leave.
Martin says:
“If you end up with a swathe of customers who have had a bad experience and have collective animosity against a travel company, things like refunds might attract bad behavior.”
Subscribe to our newsletter below
Kijek also believes travel companies could be more vulnerable to attacks from disgruntled employees currently, saying:
“The travel space is exposed in terms of disgruntled employees because they are being asked to take unpaid leave. Secondly, there are less people working at the airline or are working from home, so the IT infrastructure and the data held within the travel space is far more sensitive to attacks.
“This might be a period of time of preparation for fraudsters, so companies need to question how secure their infrastructure and data is as well as the security of the connection employees have to the whole infrastructure and the VPN for each employee."
He adds that companies also need to “minimize the unhappiness of employees” and make sure they are communicating with them.
His advice for companies going forward, as travel bans are lifted, is to keep a close eye on sudden growth in bookings.
“For sure, people who have been at home for weeks will want to travel, and there will be an intensification, so they need to spot fraudsters who would love to get on that train. It’s a bit like Black Friday, where event hough you have a general spike in activity among genuine customers, you have even higher from fraudsters.”
While travel companies might be seeking increased efficiency through automation, Thorsten Geissel, director for sales engineering, EMEA, for Tufin, a firewall and network security specialist, says that the advice for companies during the current crisis remains unchanged.
“While moving applications to public infrastructure you need to have the same level of data privacy and security as you would have for your own secure data center.”
Lock up your data
Martin adds that most unsecured online data breaches are generally preventable and compares it to homeowners locking up properly at night.
“You check your front door and your back door. People running systems should be doing the same things, checking the permissions on those repositories because someone could turn those off.”
Sticking with the home analogy, he says that homeowners don’t just give keys to anyone, so likewise, companies should act in a similar way with access provided on a “need to know principle.”
Finally, Martin says that servers and online data repositories have logs for when they have been accessed and by whom.
“People should be checking for access outside of hours and from foreign IP addresses and asking questions about what they are doing on their systems.”