Invest more in cyber security – number of serious hacker attacks is rapidly increasing
Hamburg, Germany – 8 March 2017 –
The new year starts off with a scandal: The “Romantik Seehotel Jägerhof“ in Austria‘s Turracher Höhe was blackmailed by a hacker for the fourth time. Only after a Bitcoin payment worth of 1,500 euros, the previously encrypted cash register, reservation and key system was released again. These kind of hacker attacks are the order of the day in the hotel industry.
Most recently, Hilton’s, Starwood’s and Mandarin Oriental’s payment systems were hacked – and Oracle Hospitality was also affected. The data thieves were after the guests’ credit card data; hotels repeatedly have to ask their guests to check their monthly statement, often weeks or even months after the attacks. Three years ago, Kaspersky uncovered a large-scale attack on luxury hotels that had been going on for months. The initiative “Darkhotel” specifically followed around and spied-out top managers via the patchy wireless networks of top hotels.
Hacker attacks affect companies as much as state institutions. The newly founded IT Centre of defence of the British intelligence service GCHQ recently reported on 60 serious hacker attacks on the UK’s infrastructure. In light of the increasing networking across hotel systems via smartphones and tablets – open Wi-Fi access and check ins via apps like Conichi, H-Hotels, Hotelbird (German Hospitality) or Hilton’s Honor – the risk of unnoticed data access is growing. In most of the cases the data thefts were only uncovered many weeks after the attack, when hackers were long gone with the debits.
In E-Commerce there’s always new types of cybercrime. The Federal Office for IT Security recently uncovered a so-called online skimming of more than 1,000 online shops. Cyber criminals used security gaps in outdated versions of shop software in order to infiltrate harmful program code. This in turn spies out customers’ payment information during the order process and submits it to the hackers. Online shops based on the widespread software Magento were affected.
Another spearhead of cyber criminals is identity theft. This means misusing personal data for fraudulent purposes. Stealing another person’s identity online often only requires little information like first name and surname, date of birth and address, e-mail address or just a person’s photo. Through a method called phishing, perpetrators can gain access to their victims’ data via fake e-mail messages. Cyber criminals often use identity theft to steal money, either via bank account transfers or debits or via online purchases under the victim’s name. Personal data may also be misused for cyberbullying. The perpetrator creates a social media profile with someone else’s name and posts compromising messages and pictures. At the same time, social media is a rich source for personal data that may be misused for identity theft as many people consciously or unconsciously share sensitive data about themselves.
When using social media, e-mail accounts or online shops it’s important to only provide as much information as necessary to log in. It’s always worth asking yourself, which information you’d give to a stranger in a first conversation. The private settings in social media should be adjusted accordingly, so that only friends and direct contacts can see your content. The same rule applies as with web service and mobile log-ins: There should be a separate, secure password for every single online profile used in order to prevent criminals from accessing other profiles in the case of data theft. As with card payments or cash machines, it’s important to check that nobody is watching while entering PINs and passwords.
„Even if cyberbullying doesn’t constitute a crime in itself, it does include other offences that have legal consequences for the perpetrators“, says Gerhard Klotter, chairman of the nation-wide program “Commission for crime prevention”. Cyberbullying includes insults, threats or coercion via the internet.” Misusing the identity of another person in the process is also punishable.” The police points out that victims of cyberbullying should never keep it to themselves and instead tell others or the police.