Sydney – May 22, 2025 – Trustwave, a leading cybersecurity and managed security services provider, has released its latest threat intelligence report, the 2025 Trustwave Risk Radar Report: Hospitality Sector, and two supplemental deep dive reports: How Threat Actors Turn Vulnerabilities into Big Business and A DFIR Case Study in Hospitality. Developed by Trustwave SpiderLabs, this in-depth reporting reveals how cybercriminals are professionalising, collaborating, and exploiting vulnerabilities in the hospitality industry at an unprecedented scale.
Craig Searle, director, consulting and professional services (Pacific) and global leader of cyber advisory, Trustwave, said, “This report couldn’t come at a more critical time for Australian hospitality operators. Cybercriminals now operate like businesses. They collaborate, specialise, and focus on return on investment. We have seen ransomware groups, like Akira and Conti affiliates, target Australian hospitality brands by exploiting third-party vendors and stolen credentials. Recent incidents involving TFE Hotels and the Fullerton Hotel Sydney show how attackers can cause widespread disruption when systems lack visibility, monitoring, or real-time response.
“Compared to global trends, Australia’s regulatory framework emphasises stricter penalties for privacy violations and expanded oversight of third-party vendors, yet the sector remains a prime target for ransomware groups, with hospitality environments creating ideal conditions for attackers. Hospitality teams focus on delivering quick, seamless guest experiences, which can lead to gaps in security awareness. Cybercriminals exploit that mindset using fake booking messages, vendor impersonation, or urgent requests to get around defences.”
The hospitality sector, long focused on digital transformation to enhance guest experiences, now faces a rapidly evolving threat landscape. The new report uncovers how threat actors are leveraging advanced tactics, cooperative fraud schemes, and underground marketplaces to target hotels, restaurants, and casinos.
Key findings include:
- Professionalisation and collaboration among threat actors: cybercriminals are mirroring legitimate industry practices, sharing knowledge, and coordinating attacks through dark web forums, encrypted messaging channels, and private marketplaces.
- Deep access and system manipulation: once inside hospitality networks, attackers can manipulate property management systems, payment platforms, and guest communications, enabling sophisticated fraud, data theft, and operational disruption.
- Fraudulent booking platforms and dark web travel agencies: SpiderLabs research exposes illicit booking services and “travel agencies” on the dark web, offering discounted stays and services using stolen payment credentials and compromised loyalty accounts.
- Casino and restaurant fraud: the report details how attackers exploit point-of-sale (POS) systems and property management platforms to orchestrate chargeback scams and build entire illicit casino operations.
- Actionable security recommendations: the report provides practical guidance for hospitality businesses to strengthen defences, detect fraud, and mitigate risk across digital and physical operations.
Craig Searle said, “The hospitality industry’s cybersecurity posture is approaching an inflexion point. Businesses are increasingly having to balance cost pressures in a challenging economic environment, while balancing technological innovation with escalating threats. Australia’s regulatory reforms, including heightened penalties and critical infrastructure protections, provide a framework for resilience, yet enforcement gaps will remain. These enforcement gaps pose the risk of legitimising poor behaviours from a cybersecurity perspective since there is little disincentive otherwise.
“From an attacker’s perspective, ransomware attacks continue to represent the best value-for-money strategy, and so it is expected they will continue to grow in frequency over time. As artificial intelligence (AI) continues to evolve at a rapid rate, the breadth of delivery channels, such as email, SMS, and social media, for the initial compromise attempt is expected to increase, as well as the reliability and believability of that content when delivered. Ultimately, this will increase the likelihood of successful attacks against Australian hospitality businesses unless further investment is made in improving preventative capabilities such as managed detection and response, email protection, and employee awareness training.”
Kory Daniels, CISO, Trustwave, said, “The hospitality industry’s rapid digital transformation has created new opportunities for both innovation and exploitation. Our latest threat report demonstrates that cybercriminals aren’t just keeping pace with that transformation, but surpassing it by collaborating and industrialising their operations. Trustwave is committed to helping hospitality organisations stay ahead of these threats with actionable intelligence and world-class security solutions.”
Trustwave SpiderLabs’ 2025 research series on the hospitality vertical includes:
About Trustwave
Trustwave is a globally recognised cybersecurity leader that reduces cyber risk and fortifies organisations against disruptive and damaging cyber threats.