TelcoNews Australia - Telecommunications news for ICT decision-makers

Cybercriminals industrialise attacks on hospitality sector, report finds

Today

Trustwave has released its latest threat intelligence report revealing the growing professionalisation of cybercriminals targeting the hospitality sector and the emergence of dark web travel agencies offering illicit services.

The 2025 Trustwave Risk Radar Report: Hospitality Sector, along with two supplemental deep dive reports, outlines how cybercriminals are collaborating, exploiting vulnerabilities, and leveraging sophisticated methods to conduct attacks on hotels, restaurants, and casinos.

Craig Searle, Director, Consulting and Professional Services (Pacific) and Global Leader of Cyber Advisory at Trustwave, said, "This report couldn't come at a more critical time for Australian hospitality operators. Cybercriminals now operate like businesses. They collaborate, specialise, and focus on return on investment. We have seen ransomware groups, like Akira and Conti affiliates, target Australian hospitality brands by exploiting third-party vendors and stolen credentials. Recent incidents involving TFE Hotels and the Fullerton Hotel Sydney show how attackers can cause widespread disruption when systems lack visibility, monitoring, or real-time response."

Searle continued, "Compared to global trends, Australia's regulatory framework emphasises stricter penalties for privacy violations and expanded oversight of third-party vendors, yet the sector remains a prime target for ransomware groups with hospitality environments creating ideal conditions for attackers. Hospitality teams focus on delivering quick, seamless guest experiences, which can lead to gaps in security awareness. Cybercriminals exploit that mindset using fake booking messages, vendor impersonation, or urgent requests to get around defences."

According to the report, threat actors are emulating legitimate industry practices and are sharing both expertise and attack strategies using dark web forums, encrypted messaging apps, and private online marketplaces. Trustwave researchers found that once attackers infiltrate hospitality networks, they are able to manipulate property management systems, payment platforms, and guest communications. This access enables a range of malicious activities, including data theft, fraud, and significant operational disruption.

The report details the rise of fraudulent booking services and dark web "travel agencies" that advertise discounted stays and packages using stolen payment information and compromised loyalty program accounts. Attackers are also exploiting point-of-sale (POS) systems and property management software to conduct chargeback scams and set up entire illicit casino operations online.

Trustwave SpiderLabs has also identified practical measures for hospitality businesses to strengthen their cybersecurity posture, enhance fraud detection, and reduce risk across both digital and physical channels.

Reflecting on these ongoing developments, Searle observed, "The hospitality industry's cybersecurity posture is approaching an inflexion point. Businesses are increasingly having to balance cost pressures in a challenging economical environment, while balancing technological innovation with escalating threats. Australia's regulatory reforms, including heightened penalties and critical infrastructure protections, provide a framework for resilience, yet enforcement gaps will remain. These enforcement gaps pose the risk of legitimising poor behaviours from a cybersecurity perspective since there is little disincentive otherwise."

Searle added, "From an attacker's perspective ransomware attacks continue to represent the best value-for-money strategy and so it is expected they will continue to grow in frequency over time. As artificial intelligence (AI) continues to evolve at a rapid rate the breadth of delivery channels, such as email, SMS, and social media, for the initial compromise attempt is expected to increase as well as the reliability and believability of that content when delivered. Ultimately, this will increase the likelihood of successful attacks against Australian hospitality businesses unless further investment is made in improving preventative capabilities such as managed detection and response, email protection, and employee awareness training."

Kory Daniels, Chief Information Security Officer, Trustwave, noted, "The hospitality industry's rapid digital transformation has created new opportunities for both innovation and exploitation. Our latest threat report demonstrates that cybercriminals aren't just keeping pace with that transformation, but surpassing it by collaborating and industrialising their operations. Trustwave is committed to helping hospitality organisations stay ahead of these threats with actionable intelligence and world-class security solutions."

The Trustwave SpiderLabs 2025 research series for the hospitality industry spans the main Risk Radar Report along with two deep dive supplements addressing the mechanics behind how attackers monetise vulnerabilities and a digital forensics case study in the sector.

The research points to an urgent need for hospitality businesses to increase investment in preventative security tools, as well as improve staff awareness and monitoring procedures to mitigate evolving and collaborative cyber threats.
