Traveling resurgence exploited by cybercriminals

Threatpost reports that more threat actors have been engaging in travel-related cybercrimes amid the post-pandemic recovery of the travel industry. Numerous cybercriminals have been selling credentials from travel-related websites since January, with one threat actor posting mileage rewards account credentials from passengers of two U.S.-based airlines and U.K.-based travel site users, Intel 471 researchers found. "Access to these accounts allowed actors to leverage the rewards to book travel reservations for themselves and other customers. The accounts and their respective rewards points could be resold to other actors looking to conduct similar types of travel fraud activity," said researchers. Threat actors have also been launching attacks aimed at travel-related databases to steal personal identifiable information from employees and travelers. Stolen PII have been leveraged by threat actors to create fraudulent travel documents for illegal border crossings amid Russia's invasion of Ukraine. Pro-Russian hacking group KillNet has also attacked Romania's Air Traffic Services Administration and Bucharest Airport.