Bitdefender warns hospitality industry of attacks on IRM-NG booking engine

September 8, 2023

Caption: The hackers’ procedure: 1. The content of the webshell is uploaded to the database record. 2. A new record is created with instructions for the file upload service. 3. The service stores the contents of a cell in a library in the System32 folder. (Image source: Bitdefender)

Vulnerability remains unsecured – cybercriminals steal credit card details, passwords and customers’ personal data

Bitdefender has published recent research findings on an ongoing campaign by cybercriminals targeting the IRM-NG booking platform used in the hospitality industry. The attackers combine vulnerabilities in the platform with backdoors and techniques that bypass password validation on the endpoint device to steal customers’ credit card information, passwords and personal data. For months, Bitdefender has received no response to its advisories from the vendor, Resort Data Processing (RDP). The vulnerability continues to exist.

Bitdefender was able to trace the attacks back to the summer of 2022 and attribute them to a specific group. The group’s custom attack consists of several modules designed to blend in with legitimate software and operate unobtrusively. The malware and other tools indicate that the group knows the internal workings of IRM-NG very well and that this is probably not the first operation they have launched against this software.

Attackers can generate passwords themselves

The IRM-NG engine allows employees of the vendor RDP to log in to their customers’ clients via a special administrator account, with password validation taking place on the end device and not on the vendor’s servers. The password validation algorithm is located in a Dynamic Link Library (DLL) and is weak, according to Bitdefender experts. Attackers can use this vulnerability to generate the daily password themselves and successfully log into any account of the client company.

Vulnerability remains unsecured

Bitdefender has tried to contact RDP for months, including via email, Twitter, LinkedIn and an official bug bounty program, but has received no response. As a result, the vulnerability remains unsecured and users remain vulnerable. Bitdefender therefore advises hospitality organizations using IRM-NG to exercise increased vigilance and review the IOCs from the research presented by Bitdefender. Defenses against modern attacks such as this should include a “defense-in-depth” architecture that covers threat prevention, detection and response through solutions such as XDR/EDR or managed security services such as MDR.
