As travel restrictions ease in 2022, hotel InfoSec departments are preparing for an influx of customers as well as an increase in cyber attacks. Hotels secure a large amount of sensitive customer data and have a broad attack surface, so they are common targets for threat actors.
Here are five of the top cyber threats facing the hotel industry.
Hospitality has the highest Phish-prone Percentage score of any industry at 48%, 10% higher than the next industry, construction, at 38%. It is no wonder, then, that in a recent Ironscales survey, 90% of hospitality IT professionals ranked phishing as one of their top concerns.
Hotels began seeing a rise in phishing attacks at the onset of the pandemic, with threat actors using COVID-19 and its severe impact on the hospitality industry as a lure. Employees unknowingly clicked on malicious links and attachments from threat actors posing as concerned customers or vendors offering safety solutions. Even before the pandemic, however, hotels were a lucrative target for phishing because their volume of customer data, large employee base, and frequent use of third-party vendors provide both motive and means for threat actors. For example, a major phishing attack in 2019 infiltrated hotel networks by posing as a vendor requiring payment. Opening the fake invoice executed PowerShell scripts and installed a trojan, leading to compromise of the system.
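The invoice-to-PowerShell chain described above leaves a recognisable trace in endpoint process-creation telemetry: an Office application spawning a scripting host. The following is an added detection example, not code from RH-ISAC or the original post; it runs over a handful of constructed Sysmon-style events and assumes the simplified field names `parent`, `image` and `cmdline`.

```python
from typing import Dict, List

# Constructed process-creation events (simplified Sysmon Event ID 1 shape).
# Event 2 models the fake-invoice case: Word spawning a hidden, encoded
# PowerShell; event 4 models the same thing routed through cmd.exe.
SAMPLE_EVENTS: List[Dict] = [
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": "WINWORD.EXE invoice_0423.docm"},
    {"id": 2, "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc BASE64_PLACEHOLDER"},
    {"id": 3, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},   # admin use, benign parent
    {"id": 4, "parent": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c powershell -w hidden BASE64_PLACEHOLDER"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def flag_office_spawned_shells(events: List[Dict]) -> List[Dict]:
    """Flag events where an Office app is the parent of a scripting host.

    Each finding carries the reasons that fired so an analyst can triage:
    the parent/child pairing alone is suspicious; an encoded command or a
    hidden window on top of it is the pattern of a macro-launched loader.
    """
    findings = []
    for ev in events:
        parent, child = basename(ev["parent"]), basename(ev["image"])
        if parent not in OFFICE_APPS or child not in SCRIPT_HOSTS:
            continue
        cmd = ev["cmdline"].lower()
        reasons = ["office-spawned-script-host"]
        if " -enc" in cmd or "-encodedcommand" in cmd:
            reasons.append("encoded-command")
        if "hidden" in cmd:
            reasons.append("hidden-window")
        findings.append({"id": ev["id"], "parent": parent,
                         "child": child, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_office_spawned_shells(SAMPLE_EVENTS):
        print(f)
```

Event 3 is deliberately not flagged: PowerShell launched from Explorer by an administrator is routine, and the parent relationship is what separates it from the invoice case.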
Hotels process a high volume of transactions through point-of-sale (POS) systems at their physical locations, online through their websites, and through third-party vendors. This huge attack surface, spread out over great geographical distances, leaves hotels extremely vulnerable to point-of-sale attacks. Threat actors take advantage of known vulnerabilities and predictable peak seasons, when software updates may be delayed, to install data-scraping malware that can sometimes remain undetected for months. During that time, the credit card and personal information of the hotel's guests may be exposed, giving threat actors access to a treasure trove of funds, particularly when attacking luxury hotels with wealthy clientele.
DarkHotel is a cyberattack group known for using hotel Wi-Fi networks to gain access to specific targets of relevance, most often high-level business executives or political figures. They preemptively infiltrate the hotel's Wi-Fi, then use social engineering tactics, including spear-phishing and software download prompts, to install malware on the target's machine and siphon information. This is a short-lived attack with a high potential for discovery, so attackers must work quickly to obtain the sensitive information they are after, but even a short-lived intrusion can be damaging.
Between January 2020 and March 2021, DDoS attacks increased by 55%, according to F5. The hospitality industry is regularly one of the most targeted industries for bot attacks, particularly those using browser impersonation. DDoS attacks can be extremely costly for hotels that rely on their networks for everything from reservations and payment to the guest-facing services, such as entertainment, that they provide.
These days no industry is safe from the threat of ransomware. According to Fortinet, ransomware grew 1070% between July 2020 and June 2021. Hotels are at increased risk of becoming ransomware victims because of their high revenues and their susceptibility to the threats discussed above. Ransomware is often deployed by way of malware downloaded from phishing emails, and ransomware groups now also lean on DDoS attacks and data leaks as additional means of extortion. Guarding against those threats therefore also reduces a hotel's likelihood of becoming a ransomware victim.
RH-ISAC assists our hospitality members in defending against these threats through exclusive access to resources, events, and threat intelligence sources. Members receive daily intelligence reports, quarterly trend analysis reports, and reports from industry partners, which provide insight into the types of malware and phishing scams peer companies are seeing. RH-ISAC also provides training resources, such as webinars during Security Awareness Month, that can be used to educate your employees on topics like phishing, password policies, and multi-factor authentication. Plus, working groups focused on areas such as account takeover (ATO) prevention, incident response, and security awareness give members a platform for collaboration with other companies facing similar threats. Learn more about RH-ISAC membership.