Hospitality phishing & ransomware rising

ReliaQuest recorded a 433% surge in attacks against external remote services (VPNs, VDIs, RDP) targeting hospitality between Sept. 1, 2024 and Feb. 28, 2025, driven by brute‑force campaigns that hit nearly 2.8 million IPs in January 2025. (reliaquest.com) Trustwave’s 2025 SpiderLabs analysis found roughly 15,000 critical vulnerabilities exposed to the public internet and reported that 61.5% of initial‑access attempts against hospitality targets tried to exploit publicly exposed services. (trustwave.com) ReliaQuest found that 44% of phishing emails in the sector included credential‑harvesting pages, and VikingCloud’s 2025 survey reported 82% of North American hotels experienced a successful cyberattack during summer 2024. (reliaquest.com) MGM Resorts’ September 2023 outage — attributed to Scattered Spider/ALPHV and which disrupted reservations, mobile apps and payments — cost the company an estimated $100–$110 million according to its SEC filing and multiple industry reports. (techcrunch.com) Supply‑chain escalation is explicit: Veeam and RSA analyses warn attackers move from compromised vendors into downstream procurement and operations systems using legitimate supplier credentials, and ReliaQuest documented attackers leveraging stolen or brute‑forced credentials to reach internal systems. (veeam.com) Industry guidance therefore emphasizes concrete controls—enforce MFA and conditional‑access for remote/vendor logins, maintain immutable offline backups, and adopt network segmentation—while VikingCloud data shows hotels that use Managed Security Service Providers were over 80% more likely to resolve incidents in under 12 hours. (reliaquest.com)