InterContinental Hotels reported one-third of their 5,000 global properties were impacted by malware.
Worldwide hotel group InterContinental Hotels, with brands including Holiday Inn Express, Holiday Inn, Candlewood Suites, Staybridge Suites, Crowne Plaza, Hotel Indigo, and Holiday Inn Resort, has reported an unwelcome guest in nearly one-third of their 5,000 global properties: malware.
Properties across the US and Puerto Rico were impacted by the malware. A statement released by IHG said the investigation “identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks at certain IHG-branded franchise hotel locations between September 29, 2016, and December 29, 2016.” InterContinental believes the malware, which was designed to steal information from a payment card’s magnetic stripe, could have stolen guest credit card numbers, expiration dates, and verification codes at the affected properties.
It’s unclear how many customers have been impacted, but Krebs on Security has reported that the IHG state lookup tool shows at least 1,175 properties on the company’s list so far, and not all franchises have taken up the free examination by an outside computer forensic team hired by IHG to look for signs of the malware. As a result, there may be more breached hotel locations that have yet to be identified.
Additionally, the company states there is no evidence of unauthorized access to payment card data after December 29, 2016, but the cybersecurity firm hired to investigate the breach did not confirm the malware was eradicated until March of this year.
How long is too long to discover a breach?
Hotels have been hit hard with card breaches over the last year including Kimpton Hotels, Trump Hotels (twice), Hilton, Mandarin Oriental, White Lodging (twice), Starwood Hotels and Hyatt. It’s clear that hotels and any organization that handles sensitive information and customer data need to evaluate their current approach to security to protect against POS malware breaches.
InterContinental didn’t realize they had a malware infestation for several months. It then took another 2-3 months to remediate, with several franchises still refusing remediation/checks. Allowing a malware infection to persist for that length of time should not be acceptable to any company. Unfortunately, according to multiple industry surveys, on average it takes 6 months or more for most companies to realize they have a breach. The costs associated with remediation, litigation, and loss in consumer confidence should be more than enough reason to seek out proactive solutions to look for compromises before they can wreak havoc and hemorrhage customer data.
It’s no longer enough to rely on anti-virus and real-time threat detection. Hackers continue to find ways to bypass these defenses and quietly carry out their mission to steal your data. Threat hunting is the practice of proactively searching for hidden compromises such as malware, suspicious code and unauthorized activity that have bypassed existing security defenses. The goal is to reduce the dwell time of attackers – the period between infection and discovery – so you can stop them before they have the opportunity to exfiltrate data and/or corrupt systems.
Turn your security team into hunters
If it sounds daunting to stand up a hunt team, it doesn’t have to be. Threat hunting was once a manual and onerous task best suited to forensic specialists, but there are new technologies that automate the process. Take for example Infocyte’s hunt platform.
Infocyte HUNT can easily convert your existing security team into threat hunters who can quickly – and definitively – reduce your risk of damage and theft. It provides an easy-to-use, yet powerful solution to limit risk and eliminate attacker dwell time by enabling an organization’s own IT and security professionals to proactively discover malware and persistent threats, active or dormant, that have successfully evaded existing defenses and established a beachhead within the network. No other solution puts you into incident response mode with clear, actionable data faster – and with less effort on your part.
Learn more about reducing attacker dwell time with Infocyte HUNT.