Point of Sale related attacks no longer dominate breaches in Accommodation and Food Services. Instead, responsibility is spread relatively evenly among several attack types including malware, error and hacking via stolen credentials. Financially motivated attackers continue to target this industry for the payment card data it holds.
125 incidents, 92 with confirmed data disclosure
Crimeware, Web applications, and Point of Sale represent 61% of data breaches
External (79%), Internal (22%), Multiple (2%), Partner (1%) (breaches)
Financial (98%), Secondary (2%) (breaches)
Payment (68%), Personal (44%), Credentials (14%), Other (10%) (breaches)
Limitation and Control of Network Ports, Protocols, and Services (CSC 9), Boundary Defense (CSC 12), Data Protection (CSC 13)
- 2020 DBIR
- DBIR Cheat sheet
- Summary of findings
- Results and analysis
- Incident classification patterns and subsets
- Industry analysis
- Accommodation and Food Services
- Arts, Entertainment and Recreation
- Educational Services
- Financial and Insurance
- Mining, Quarrying, Oil & Gas Extraction + Utilities
- Other Services
- Professional, Scientific and Technical Services
- Public Administration
- Real Estate and Rental and Leasing
- Transportation and Warehousing
- Does size matter? A deep dive into SMB Breaches
- Regional analysis
- CIS Control recommendations
- Year in review
- Appendices (PDF)
- Download the full report (PDF)
Breaches Served with a Smile
The Accommodation and Food Services industry is one that we have been tracking for quite a while. There’s just something welcoming about it that keeps us coming back. One lesson that we learned from all our time spent here is that malware plays a relatively large role in this industry. Crimeware and Point of Sale (both malware dependent) represent two of the top three patterns this year. These are joined by this year’s darling of Web applications attacks, which covers both the Use of stolen credentials and the Exploitation of vulnerabilities, as seen in Figure 53.
86 the PoS breaches
We reported last year on the decrease in different attacks targeting the PoS, either the malware-based remote attacks or the skimmers, and this trend has continued this year as well (Figure 54). Even though PoS intrusions are still relatively common, accounting for 16% of breaches in this industry, they are nowhere near their highwater mark back in 2015. This may be (and probably is) indicative of the trend of adversaries to more quickly monetize their access in organizations by deploying ransomware rather than pivoting through the environment and spreading malware—a more time-costly endeavor.
Do you want malware with that?
In spite of the decline in PoS intrusions, we’re still seeing Crimeware being leveraged to capture payment card and other types of data at a higher rate than in our overall dataset, accounting for a quarter of the breaches this year. The malware is found on desktops and servers alike. With regard to type, Figure 55 shows a decrease of RAM scrapers an increase of malware that enables access to the environment, such as Trojans, Backdoors and C2. There is also a continued rise in Ransomware, which has been known to leverage existing infections to access the environment. While Ransomware is not the top malware variety in breaches, or showing up in scans, it should be on your radar.
More than just dollar bills y’all
This is an industry rich in payment data, and that makes for an easy dollar for bad guys. But Payment data isn’t the only type of data being compromised. Instead, we see Personal data being compromised, often as a byproduct of attacks, so be sure to pay proper attention to your security program outside of your payment card environment.