May 21, 2025 1 Minute Read

As the summer travel season approaches, travelers worldwide are busy booking their holidays, entrusting the hospitality industry with some of their most sensitive personal and financial information. Unfortunately, this makes the sector a prime target for threat actors looking to exploit and steal this data.

To help organizations in the hospitality sector address these risks, Trustwave SpiderLabs has released the 2025 Trustwave Risk Radar Report: Hospitality Sector. This comprehensive report builds on previous findings to provide the latest insights and strategies to enhance data security.

This report looks at the historical and emerging cyber threats that continue to challenge this industry, providing essential insights for businesses to fortify their defenses and tracks the changes in threat tactics detected by Trustwave SpiderLabs.

The primary report has two companion pieces:

• Deep Dive on a Digital Forensics and Incident Response Case Study in Hospitality
• Deep Dive: How Threat Actors Turn Vulnerabilities into Big Business

There is also an accompanying webinar that will offer a deeper and personal look at the data Trustwave SpiderLabs has compiled.

Register here for the webinar.

Key Findings and Trends

The report builds on prior analyses to identify new tactics used by cyber adversaries.

Trustwave SpiderLabs noted more than 14,000 publicly exposed vulnerabilities impacting hospitality, with 61.5% of initial access attempts using these during an attack. This emphasizes the urgent need for improved cybersecurity hygiene.

The report details the most prominent threats: ransomware attacks, phishing campaigns, and exploitation of Internet of Things (IoT) infrastructure.

The report also discusses the growing trend of "Dark Web Travel Agents", where malicious operators sell heavily discounted travel packages, often exploiting compromised booking platforms and stolen payment data.

The sector’s inherent challenges, frequent staff turnover, decentralized operations, and the increased reliance on third-party vendors have been updated. Additionally, the researchers list many of the high-profile incidents, including the Caesars Entertainment and MGM cyberattacks, that have recently taken place.

Actionable Recommendations

As always, Trustwave SpiderLabs offers actionable recommendations to help deter or mitigate the impact of a cyberattack.

These include:

• Enhanced Patch Management: Regular updates to critical systems to mitigate known vulnerabilities.
• Improved Access Controls: Enforcing multi-factor authentication (MFA) and least-privilege policies.
• Staff Training and Awareness: Continuous cybersecurity education, especially for seasonal workers.
• Incident Response Preparedness: Developing and rehearsing response plans to minimize disruption during attacks.

The 2025 Trustwave Risk Radar Report calls for proactive measures, including continuous monitoring, robust patch management, and vigilant threat intelligence integration. By adopting these strategies, hospitality businesses can better navigate the evolving cyber threat landscape, safeguarding both their operations and the trust of their guests.

Please download the reports and check out the webinar registration page.

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from Trustwave.