the great hotel hack
play

The Great Hotel Hack Adventures in attacking hospitality industry - PowerPoint PPT Presentation

Feb 06, 2023 •202 likes •1.11k views

The Great Hotel Hack Adventures in attacking hospitality industry Etizaz Mohsin https://etizazmohsin.com Disclaimer No hotels were harmed during making of this presentation Do not try this at home! Images Courtesy: ANTlabs & INTSIGHTS

  1. The Great Hotel Hack Adventures in attacking hospitality industry Etizaz Mohsin https://etizazmohsin.com

  2. Disclaimer No hotels were harmed during making of this presentation Do not try this at home! Images Courtesy: ANTlabs & INTSIGHTS

  3. What this talk is not about

  4. What this talk is about Biggest threats are simple not sophisticated

  5. Previous Research

  6. Agenda • Why Do hackers attack hotel • Attack surface walkthrough • Common attack vectors • Who are threat actors • Notable Data breaches • What led to my research • Demo NSA style hack • Mitigations

  7. Security Point Products • Network Security • Endpoint Security • Data Security

  8. “Supreme excellence consists in breaking the enemy's resistance without fighting” – Sun Tzu

  10. Why Do Threat Actors attack Hotel ? • Second largest number of breaches after retail sector • Prominent hotel brands attacked repeatedly • Collect sensitive, valuable and varied data • Manage large number of financial transactions • Uses loyalty programs to encourage repeated visits

  11. Hotel attack surface • Large quantity of diverse endpoints • Access to mothership • Lack of employee security awareness • Undefined security responsibilities • High exposure to third parties

  12. Attack Vectors • Attacks on Point of Sale • Spear phishing attacks • WIFI network attack • DDOS and Botnet attacks • Internet of Things attacks • Brand Impersonation • Customer targeted attacks • Ransomware

  13. Threat Actors • APT28 Fancy Bear

  14. Threat Actors • Darkhotel APT

  15. Notable Data Breaches

  16. Disclaimer Once Again!

  17. How did this all start?

  20. Disclosure Timeline • 2018-10-31 : First vendor notification – immediate response • 2018-11-12 : Technical details sent to vendor • 2018-12-10 : Vendor questions feasibility • 2018-12-15 : Proof of concept sent • 2018-12-17 : Vendor acknowledges vulnerability • 2018-12-20 : Vendor discusses update plans • 2019-04-01 : Vendor assures patching

  21. Hmm ??

  22. Wi-Fi

  23. Captive Portal • Radius • LDAP • Voucher • SMS • PMS • Social Login Management Billing Feature • Web portal • Credit Card • Role based access • PMS (FIAS) • DNS server • DHCP • Firewall • Lawful interception

  24. Target Selection

  25. Attack Surface

  26. Web Management Portal • Get private data • Subscriber’s details, Network configuration, DHCP, DNS, firewall rules • Backup, logs, PMS, Guest details, SSL, SMTP • Set every parameter • DHCP, DNS, WAN, LAN, Route Configuration • Port forwarding, Syslog, SSL • Download • Configuration, database, backup, logs • Upload • Backup, Images

  27. Web Server

  34. TLS Certificates

  35. Database

  36. Read Write

  37. Firewall rules

  38. Configuration

  39. Guest Details

  40. Guest WIFI Configuration

  41. Session Riding

  42. Plain Text Credentials

  43. Enumerating Users

  44. SSH

  45. System

  46. Tools

  47. Configuration

  48. Owning DNS • HTTP/S Downgrade • Sniff plain text credentials • FakeDNS • WPAD abuse • Hash capture (http_ntlm) • Beef Hooks • Browser autopwn2 • Evilgrade • BDFProxy

  49. User Reset

  50. Management Portal

  51. Active Users

  52. Mac Addresses

  53. User Details

  54. DHCP Configuration

  55. DNS Configuration

  56. DNS Enteries

  57. DYNDNS Configration

  58. Network Configuration

  59. Routes

  60. Network Configuration Review

  61. Port Forwarding

  62. SSL Overview

  63. Subnets

  64. Interception

  65. Firewall rules

  66. Logs

  67. Guest Details

  68. PMS

  69. Backup

  70. SMTP

  72. GUESS WHAT ?

  73. DEMO

  75. So, Who is Vulnerable ?

  76. Once, we own the main box! • PMS • Corporate network • Electronic door locks • Alarm • HVAC • Guests devices • IOT devices • CCTV • In fact anything connected to the gateway

  77. Mitigations for Guests

  78. Mitigations for Guests

  79. Mitigations for Guests

  80. Mitigations for Guests

  81. Mitigations for Guests

  82. Mitigation for Guests

  83. Mitigation for Guests

  84. Mitigation for Owners • Train and re-train your staff • It takes one click on wrong link • Train employees on best practices and common attack vectors

  85. Mitigation for Owners • Strengthen your infrastructure • Avoid easy to guess passwords on POS • Use 2FA authentication • Ensure end point protection is up to date • Separate POS network from other • Filter remote access for POS controller • Segment WIFI Networks

  86. Mitigation for Owners • Regulate vendors • Ensure vendor meets compliance standard • Regularly assess the risk of their vendors and partners

  87. Mitigations for Owners • Threat hunt inside your network • Hackers move around to find valuable data • Monitor network traffic to identify suspicious activity and discover unauthorized access

  88. Mitigations for Owners • Create a incident response plan to speed up mitigation process.

  89. Conclusion • Stay aware while traveling • Use VPN or 4G LTE • Advanced persistent threats are devastating • Biggest threats are simple not sophisticated • No sign that attacks will slow down across any industry

  90. Thank You https://www.linkedin.com/in/aitezaz/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes Viral on Twitter By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service.

1.1k views • 3 slides
Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want FREEDOM! We want to use PEP313! Before we hack, Learn the internals Lexing - Tokenization - Read #define NEWLINE 4 #define INDENT

670 views • 36 slides
Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications? Security Compass and NFC Currently we are devoting a lot of energy towards NFC

704 views • 35 slides
Unique design Formerly the Great Eastern Hotel, Andaz London Liverpool Street is housed in a

Unique design Formerly the Great Eastern Hotel, Andaz London Liverpool Street is housed in a

Unique design Formerly the Great Eastern Hotel, Andaz London Liverpool Street is housed in a beautiful redbrick building dating back to 1884 a 21 st century masterpiece with a seamless blend of traditional and contemporary features throughout.

289 views • 9 slides
ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly 1, Paintings and Drawings by Vincent van Gogh Digitized and Put Online | Hacker News For people who don't live close to huge cities with big

269 views • 3 slides
SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland university computer science 1 Another kind of CFGs p D ( ) x e x e D ( ) q Effects on edges. Nodes called Nodes are

310 views • 19 slides
FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1 FC2015-RSDYK - Hack Pilot project: RSDYK2008 Trial to establish whether remote sensing in combination with geological knowledge can be used for

826 views • 10 slides
GREAT YEAR FOR ROSEWOOD GOLF CLUB LADIES A lovely lunch at the Marburg Hotel in late November

GREAT YEAR FOR ROSEWOOD GOLF CLUB LADIES A lovely lunch at the Marburg Hotel in late November

GREAT YEAR FOR ROSEWOOD GOLF CLUB LADIES A lovely lunch at the Marburg Hotel in late November followed the Rosewood Golf Club Ladies AGM and trophy presentations for midweek events. It was great to see so many ladies (past and present members)

470 views • 10 slides
Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017 Saarland University, Computer Science 1 Code Generation Consists (roughly) of three parts: 1. Instruction Selection Select processor instructions for

282 views • 9 slides
SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make Your Boots Slip-Proof May 18, Attach your Water hose. Wet your slide, this just helps for the first few slides. Once the kids get going, their

308 views • 3 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland university computer science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy from x 2

223 views • 20 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland University, Computer Science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy

394 views • 22 slides
Great Eagle Holdings Investor Presentation Q1 2017 1 Great Eagle Holdings Limited Background A

Great Eagle Holdings Investor Presentation Q1 2017 1 Great Eagle Holdings Limited Background A

Great Eagle Holdings Investor Presentation Q1 2017 1 Great Eagle Holdings Limited Background A Leading Property and Hotel Company with Prime Assets in Global Gateway Cities Long operating and listing history - Founded in 1963 and listed since

838 views • 45 slides
Great Eagle Holdings Investor Presentation Q1 2020 1 Great Eagle Holdings Limited Background A

Great Eagle Holdings Investor Presentation Q1 2020 1 Great Eagle Holdings Limited Background A

Great Eagle Holdings Investor Presentation Q1 2020 1 Great Eagle Holdings Limited Background A Leading Property and Hotel Company with Prime Assets in Global Gateway Cities Long operating and listing history Founded in 1963 and listed

308 views • 28 slides
Great Eagle Holdings Investor Presentation Q3 2018 1 Great Eagle Holdings Limited Background A

Great Eagle Holdings Investor Presentation Q3 2018 1 Great Eagle Holdings Limited Background A

Great Eagle Holdings Investor Presentation Q3 2018 1 Great Eagle Holdings Limited Background A Leading Property and Hotel Company with Prime Assets in Global Gateway Cities Long operating and listing history - Founded in 1963 and listed since

505 views • 31 slides
Great Eagle Holdings Investor Presentation Q3 2017 1 Great Eagle Holdings Limited Background A

Great Eagle Holdings Investor Presentation Q3 2017 1 Great Eagle Holdings Limited Background A

Great Eagle Holdings Investor Presentation Q3 2017 1 Great Eagle Holdings Limited Background A Leading Property and Hotel Company with Prime Assets in Global Gateway Cities Long operating and listing history -

619 views • 31 slides
Dragon Advance Tech The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference

Dragon Advance Tech The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference

Dragon Advance Tech The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference - 2018 Frankie Li You heard a lot ... Like this But not from Hong Kong 2014-2015 7 2016: APT 3 targeted the organizations with

635 views • 42 slides
Case-control studies and cybercrime Tyler Moore Computer Science & Engineering Department,

Case-control studies and cybercrime Tyler Moore Computer Science & Engineering Department,

Notes Case-control studies and cybercrime Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 14 Guide to analyzing data Notes Type of Data Exploration Statistics RByEx ecdf(br$logbreach)

281 views • 3 slides
MITREATT&CK FOR RED TEAMING ABOUT ME Niklas Srkaari @ukk1sec Red Teamer

MITREATT&CK FOR RED TEAMING ABOUT ME Niklas Srkaari @ukk1sec Red Teamer

MITREATT&CK FOR RED TEAMING ABOUT ME Niklas Srkaari @ukk1sec Red Teamer (Senior Security Consultant) @ F-Secure MITREATT&CK Knowledge base of adversary tactics, techniques and procedures (TTPs) Develop skills for

778 views • 33 slides
An innovative and comprehensive framework for Social Driven Vulnerability Assessment 20

An innovative and comprehensive framework for Social Driven Vulnerability Assessment 20

An innovative and comprehensive framework for Social Driven Vulnerability Assessment 20 November 2014 Who are we? Enrico o Frument nto Rober erto Puricelli lli (twitter: enricoff) (twitter: robywankenoby) ICT Security Specialist @

895 views • 67 slides
Software Security Explorative Lecture A brief history of security problems attacks on

Software Security Explorative Lecture A brief history of security problems attacks on

1/30/2020 Software Security Explorative Lecture A brief history of security problems attacks on multi-user UNIX systems for fun viruses & worms attacking operating systems due to buffer overflow, format string attacks, integer

477 views • 37 slides
TERENA Special Interest Group (SIG) Task Force vs. Special Interest Group Task Force Special

TERENA Special Interest Group (SIG) Task Force vs. Special Interest Group Task Force Special

Utrecht, Netherlands 3-4 September 2014 Peter Szegedi PDO szegedi@terena.org www.terena.org TERENA Special Interest Group (SIG) Task Force vs. Special Interest Group Task Force Special Interest Group Terms of Reference Charter

74 views • 4 slides
American National Government POL 140 Sections 3-6 Interest Groups Drew Seib October 29, 2012

American National Government POL 140 Sections 3-6 Interest Groups Drew Seib October 29, 2012

American National Government POL 140 Sections 3-6 Interest Groups Drew Seib October 29, 2012 Drew Seib Interest Groups Announcements Updated Syllabus on Blackboard. Make sure you use THIS syllabus. Paper Due Date Exam 2 Date Extra

531 views • 14 slides
Lecturer: Dr. Kingsley Nyarko , Department of Psychology Contact Information: knyarko@ug.edu.gh

Lecturer: Dr. Kingsley Nyarko , Department of Psychology Contact Information: knyarko@ug.edu.gh

Lecturer: Dr. Kingsley Nyarko , Department of Psychology Contact Information: knyarko@ug.edu.gh College of Education School of Continuing and Distance Education 2014/2015 2016/2017 Session Overview At the end of the session, the student

763 views • 22 slides

More recommend