Phishing smell after hackers check in

by Andrew
January 14, 2022

A recent phishing attack on a major hotel chain highlights the risks of large, distributed workforces.

Nordic Choice Hotels operates over 200 hotels in Northern Europe. As at any hotel, its employees constantly interact and communicate with all kinds of different people, such as guests and contractors.

One day a hotel employee received an email that looked like it was from a tour operator that often communicated with the hotel chain.

Actually, it was an email sent by a hacker – camouflaged as a legitimate email from a normal contact. There was a link in the email to a site filled with malware, and the employee clicked on the link, probably thinking it was something normal – like a link to an invoice or a discount deal or something.

The hackers used this small mistake to break into the hotel chain’s network, disable the antivirus system, and start copying files. Fortunately, they never managed to access customer data – but they did get their hands on some employee data.

After 36 to 48 hours of snooping around, the criminals deployed ransomware and encrypted a lot of the company’s files. The hackers released some employee data on the dark web – probably just as a threat to get the company to pay a $5 million ransom.  

If the employee had recognized the spear phishing attempt and not clicked on it – maybe the hotel never would have gotten hacked. Even after the fact – if the employee had recognized something was amiss and reported the suspicious email, a security team might have been able to secure critical data or even kick the hackers off the network while they were still snooping around!

These are two of the core things employees learn how to do in the MonkPhish game, by the way – how to recognize spear phishing emails and how to properly report them.

Fortunately, Nordic Choice Hotels bounced back. They refused to buckle to the criminals’ pressure and pay the ransom. Employees used pencil and paper to check in guests and found other work-arounds to keep operations going.

An IT team rapidly migrated the company to a totally different cloud-based platform and restored operations quickly. You can read about their inspiring turnaround in a WSJ piece. However, there are still some problems with some of their computer systems.