Trustwave Report Reveals Hospitality Industry Cyber Threat

Trustwave has released its latest threat intelligence report, the 2025 Trustwave Risk Radar Report: Hospitality Sector, and two supplemental deep dive reports: How Threat Actors Turn Vulnerabilities into Big Business and A DFIR Case Study in Hospitality.

Developed by Trustwave SpiderLabs, this in-depth reporting reveals how cybercriminals are professionalising, collaborating, and exploiting vulnerabilities in the hospitality industry at an unprecedented scale.

The hospitality sector, long focused on digital transformation to enhance guest experiences, now faces a rapidly evolving threat landscape. The new report uncovers how threat actors are leveraging advanced tactics, cooperative fraud schemes, and underground marketplaces to target hotels, restaurants, and casinos.

“This report couldn’t come at a more critical time for Australian hospitality operators,” said Trustwave’s Craig Searle. “Cybercriminals now operate like businesses. They collaborate, specialise, and focus on return on investment.”

“We have seen ransomware groups, like Akira and Conti affiliates, target Australian hospitality brands by exploiting third-party vendors and stolen credentials,” he continued. “Recent incidents involving TFE Hotels and the Fullerton Hotel Sydney show how attackers can cause widespread disruption when systems lack visibility, monitoring, or real-time response.”

“Compared to global trends, Australia’s regulatory framework emphasises stricter penalties for privacy violations and expanded oversight of third-party vendors, yet the sector remains a prime target for ransomware groups with hospitality environments creating ideal conditions for attackers.”

“Hospitality teams focus on delivering quick, seamless guest experiences, which can lead to gaps in security awareness. Cybercriminals exploit that mindset using fake booking messages, vendor impersonation, or urgent requests to get around defences.”

Key findings include:

  • Professionalisation and collaboration among threat actors: cybercriminals are mirroring legitimate industry practices, sharing knowledge, and coordinating attacks through dark web forums, encrypted messaging channels, and private marketplaces.
  • Deep access and system manipulation: once inside hospitality networks, attackers can manipulate property management systems, payment platforms, and guest communications, enabling sophisticated fraud, data theft, and operational disruption.
  • Fraudulent booking platforms and dark web travel agencies: SpiderLabs research exposes illicit booking services and “travel agencies” on the dark web, offering discounted stays and services using stolen payment credentials and compromised loyalty accounts.
  • Casino and restaurant fraud: the report details how attackers exploit point-of-sale systems and property management platforms to orchestrate chargeback scams and build entire illicit casino operations.
  • Actionable security recommendations: the report provides practical guidance for hospitality businesses to strengthen defences, detect fraud, and mitigate risk across digital and physical operations.

“The hospitality industry’s cybersecurity posture is approaching an inflexion point,” Searle said. “Businesses are increasingly having to balance cost pressures in a challenging economic environment, while balancing technological innovation with escalating threats.”

“Australia’s regulatory reforms, including heightened penalties and critical infrastructure protections, provide a framework for resilience, yet enforcement gaps will remain. These enforcement gaps pose the risk of legitimising poor behaviours from a cybersecurity perspective since there is little disincentive otherwise.”

“From an attacker’s perspective ransomware attacks continue to represent the best value-for-money strategy and so it is expected they will continue to grow in frequency over time. As artificial intelligence continues to evolve at a rapid rate the breadth of delivery channels, such as email, SMS, and social media, for the initial compromise attempt is expected to increase as well as the reliability and believability of that content when delivered.”

“Ultimately, this will increase the likelihood of successful attacks against Australian hospitality businesses unless further investment is made in improving preventative capabilities such as managed detection and response, email protection, and employee awareness training.”

“The hospitality industry’s rapid digital transformation has created new opportunities for both innovation and exploitation,” said Trustwave CISO Kory Daniels. “Our latest threat report demonstrates that cybercriminals aren’t just keeping pace with that transformation, but surpassing it by collaborating and industrialising their operations. Trustwave is committed to helping hospitality organisations stay ahead of these threats with actionable intelligence and world-class security solutions.”
