IHG (InterContinental Hotels Group) is one of the largest hotel groups in the world, with more than 6,000 hotels in approximately one hundred countries. Unfortunately, this British company made the news two weeks ago after finally acknowledging that the failure of more than 24 hours of your internal network (which caused problems with reservations and check-ins) It was really the result of a hack.… and not the result of “system maintenance” work, as they claimed at first.
Being a company of this caliber, to which formidable security measures are presupposedit would be logical to think that the person responsible for such a cyberattack had to go to a lot of trouble looking for security holes to ensure that his intrusion had such an impact.
It would be logical, yes. And indeed, it all started as a typical phishing attack who managed to trick a company employee into downloading malware attached to an email so he could capture his two-factor authentication code.
The digital version of having your house keys under your doormat
However, once that was achieved, the next step (access to IHG’s internal ‘password vault’) was insultingly easy, after discover that the password for it was ‘Qwerty1234’, possibly one of the most frequent in the world (although at least they were careful to mix upper and lower case).
“The vault username and password were available to all employees, a total of 200,000. And the password was extremely weak,”
We have known this detail thanks to the fact that those responsible for the cyberattack, a couple of Vietnamese hackers who go by the name of TeaPeacontacted the BBC (via Telegram) and provided them with screenshots as evidence that they had actually carried out the hack.
Said captures, whose veracity has been recognized by IHG, show that the attackers had access to internal company emails in Outlook, chats in Microsoft Teams and server directories. However, they claim not having stolen private customer data:
“Our attack had originally been planned as ransomwarebut the company’s IT team managed to isolate the servers before we had a chance to implement it, so we thought we’d have some fun and did a wiper attack [es decir, de borrado total de la información a la que tenían acceso]”.
“We don’t feel remorse, really. We prefer to have a legal job here in Vietnam, but the average salary is about $300 a month. I’m sure our hack won’t hurt the company too much.”
An IHG spokesperson claimed that it is untrue that the password vault was not secure, and that the attackers had to evade “multiple layers of security […] leveraged by many modern security solutions”, but did not give any details of them. The company acknowledges that some of its services “have returned to normal […] although they may remain intermittent”.
Via | BBC
Image | By regularguy.eth on Unsplash