As the COVID-19 vaccine rollout continues and the prospect of conferences, summits and in-person events once again becomes a reality, international business travel is set to slowly return. However, new requirements for travelers, such as proof of vaccination and negative tests, are presenting opportunities for threat actors to exploit the confusion and target business travelers and the travel industry.
For those who will once again be making those journeys, it will be more important than ever to be vigilant and alert — not just in following the correct health practices but also to mitigate the risks posed by new, evolving security challenges. So, what are these new threats to travelers and the travel industry, and what can be done to combat them?
A New Market for Exploitation
Proof of vaccination and negative COVID-19 test results have become a hot commodity in recent months, with many countries and events requiring one or the other from visitors. For those who have so far been unable to get a vaccination, or those who refuse to, demand for these records is being met online via messaging channels and Clearnet and dark web markets. For example, in the US, blank Centers for Disease Control and Prevention (CDC) vaccination record cards are selling for up to $60.
In a search across hundreds of dark web and Clearnet sites, Accenture’s Cyber Threat Intelligence (ACTI) found many instances of people on English-speaking forums seeking out fake negative test results in order to leave their country. Of course, more and more people are gaining access to vaccinations. Still, demand is set to remain strong for the foreseeable future, driving entrepreneurial threat actors to enter the market and take advantage. Increased competition will, therefore, see an increase in the quality of these forged documents.
The Demand for Traveler Data and New Malicious Applications
As the travel industry begins to bounce back, the underground market for traveler data will flourish, including payment cards, flyer miles, hotel points and travel account credentials. Business travelers with high volumes of frequent flyer miles are an attractive prospect for threat actors, as they accumulate greater perks and credit limits.
These attacks come from various directions in different forms — ACTI has observed a threat actor advertising network access to multiple airlines in Kuwait and Thailand, for example. And, in the last 18 months, many have been exploiting the rush to implement new COVID-19 related applications that travelers are encouraged to use — threat actors are using the pandemic theme to lure users into deploying spyware, banking Trojans or adware onto mobile devices.
Company executives are often near the top of threat actor target lists, as they offer an opportunity to steal company data, proprietary information or secrets that can be used to extort these high-level professionals. The advanced espionage actors known as DarkHotel, tracked by ACTI as SNIPEFISH, have been targeting these sorts of VIPs since at least 2007, exploiting high-end hotel and business Wi-Fi networks to spy on targets. With the rise of spyware and stalkerware since 2020, CEOs and other executives will need continued vigilance to protect their data as they resume important business trips.
Mitigating the Threats
The current state of travel requires a great deal of cooperation, sharing of data and integrated technologies, meaning organizations have to employ a more robust approach than before when resuming business travel. There are several actions organizations can take to mitigate risks:
- Stay ahead of the game — use dark web intelligence to remain ahead of data breaches while monitoring for compromised user credentials
- Ensure staff vigilance — staff should be advised against posting screenshots of their COVID-19 test results or vaccine cards to protect personal data; a pre-travel checklist of required documentation will also minimize any confusion
- Educate the first line of defense — educating staff on how to stay secure is crucial; advice on connecting to open Wi-Fi networks, using privacy screens, antivirus scanning and updating operating systems will reinforce them as the first line of defense
- Do your due diligence — businesses should carry out risk assessments on travel requirements of destination countries, as well as stay up to date on COVID requirements on a national and local level
- Secure all devices — ensure all accounts and devices are secured with multi-factor authentication and encourage staff to carry only essential corporate devices on journeys
New travel measures have opened up fresh avenues for threat actors to manipulate and exploit travelers returning to in-person conferences, events and meetings. But with a heightened awareness of these new threats and with a cohesive set of measures in place, businesses can ensure the resilience and security of sensitive data in the months to come.