82% of North American Hotels Were Hit by Cyberattacks—Are You Ready?

by jdpoteet | Aug 6, 2025 | News, Blogs

As summer travel heats up, so does cybercriminal activity targeting the hospitality sector. A recent industry report reveals that a staggering 82% of North American hotels experienced a successful cyberattack during the summer of 2024, with many hit multiple times. As we enter the 2025 travel season, the outlook is even more concerning.

At Blackswan Cybersecurity, we understand the unique vulnerabilities hospitality businesses face—particularly during high-traffic periods when systems are stretched, staff is seasonal, and attackers are most aggressive.

Hospitality Under Siege: What the Data Shows

According to the 2025 State of Hospitality Cyber Report, which surveyed hotel IT and security leaders across North America:

• 66% expect cyberattack frequency to increase this summer

• 50% anticipate more severe attacks

• 48% lack confidence in their staff’s ability to detect or respond to advanced threats like AI-driven attacks or deepfakes

• 22% say threat actors are already outpacing their internal capabilities

Guest-facing technology is especially exposed, with top risks identified in:

• Point-of-sale systems (72%)

• Guest Wi-Fi (56%)

• Front desk and check-in systems (34%)

The most common and damaging attack types include data breaches exposing payment or personal guest data, phishing campaigns, and Wi-Fi compromise.

When Downtime Isn’t an Option

These threats don’t just cause inconvenience—they disrupt business and damage brands.

Last summer:

• 44% of hotels reported 12+ hours of downtime due to a cyberattack

• 66% cited reputational damage from negative guest reviews

• 46% suffered financial loss

• 12% believed an incident could threaten the future of the business

In a sector where occupancy rates, guest satisfaction, and trust are everything, the impact of a single incident can extend far beyond the breach itself.

What’s Fueling the Risk?

The research also highlights several systemic gaps:

• 42% say vulnerabilities in third-party systems (like booking engines or payment processors) heighten their risk

• 40% cite outdated or legacy tech as a key concern

• 26% face increased exposure due to temporary or seasonal employees unfamiliar with cybersecurity best practices

• 16% report challenges hiring and retaining skilled cyber staff

Even with some organizations dedicating up to a quarter of their IT budget to security, many have yet to adopt modern defenses. While most are using basic tools like antivirus, firewalls, and VPNs, fewer than half have implemented measures like ransomware protection, vulnerability scanning, or regular data backups. Advanced capabilities like dark web monitoring (26%) and penetration testing (28%) remain underutilized.

How Blackswan Supports the Hospitality, Retail & Entertainment Industry

At Blackswan Cybersecurity, we help hotels, resorts, restaurants, and entertainment venues stay protected—even during the busiest times of the year.

Our tailored solutions for hospitality include:

• 24/7 Managed Detection & Response (MDR) with real-time threat monitoring and incident response

• Advanced endpoint and ransomware protection

• Vulnerability and risk assessments for third-party systems

• Dark web and brand monitoring to detect exposed guest data

• Tabletop exercises to prepare seasonal staff for phishing and fraud scenarios

• Flexible services, including SOC-as-a-Service and Virtual CISO (vCISO) support

Whether you’re running a boutique hotel, an entertainment/gaming restaurant/bar, or a high-traffic restaurant chain, we help you minimize downtime, protect guest data, and ensure operational continuity.

The Takeaway: Don’t Wait for a Breach to Act

The hospitality industry is being actively targeted—and the attackers are evolving faster than many organizations can keep up. The 2025 data is a warning sign, but also an opportunity.

In the Hospitality industry, uptime is everything for the customer experience—Let Blackswan help keep your running.

📞 Contact us today to schedule a complimentary Cyber Risk Readiness Assessment tailored to the hospitality, retail, and entertainment sector.

REFERENCES

• https://www.securityinfowatch.com/cybersecurity/press-release/55302678/vikingcloud-vikingcloud-cyberattacks-hit-82-of-north-american-hotels-last-summer
• Data and statistics referenced from the 2025 State of Hospitality Cyber Report, published by VikingCloud.

Chinese State Hackers Breach National Guard: A Nine-Month Wake-Up Call for Government and Critical Infrastructure Security

by jdpoteet | Aug 1, 2025 | News, Blogs

In a sobering reminder of today’s evolving cyber threat landscape, Salt Typhoon, a Chinese state-sponsored threat group, successfully infiltrated a U.S. Army National Guard network—undetected—for nine months in 2024. The attackers quietly exfiltrated network configuration files, administrator credentials, and sensitive personal data of service members, potentially enabling follow-on attacks across multiple state and federal agencies.

While the breach was eventually uncovered, the damage was done. The attackers’ access to configuration files and network topologies granted them a blueprint for compromising other government networks—a tactic they’ve used repeatedly in past operations targeting critical infrastructure, telecom providers, and state government agencies.

At Blackswan Cybersecurity, this breach underscores a reality we see every day: visibility without vigilance is a false sense of security.

What Happened: A Breach Built on Persistence and Old Vulnerabilities

Salt Typhoon is known for exploiting unpatched devices and legacy vulnerabilities—most notably:

• CVE-2018-0171, a Smart Install flaw in Cisco IOS/IOS XE

• CVE-2023-20198 and CVE-2023-20273, web UI and privilege escalation flaws in Cisco IOS XE

• CVE-2024-3400, a critical command injection flaw in Palo Alto Networks’ GlobalProtect

Once inside, the group allegedly used custom malware—JumblePath and GhostSpider—to maintain stealthy persistence and conduct surveillance operations across network boundaries.

Their prize? Over 1,400 configuration files from nearly 70 government and infrastructure entities across 12 sectors—each one a potential key to unlocking deeper network access elsewhere.

The Bigger Threat: Configuration Files as Weapons

Configuration files are often overlooked in traditional security models. Yet, as this breach shows, they contain:

• Administrative credentials

• VPN gateway settings

• Firewall rules

• Inter-agency trust paths

This data gives attackers a map—and the keys—to move laterally through interconnected networks. As government systems grow more complex and interconnected, the ability to understand and control this sprawl becomes critical.

How Blackswan Cybersecurity Can Help

At Blackswan, we understand that cybersecurity isn’t just about preventing entry—it’s about detecting intrusions early, limiting blast radius, and ensuring business continuity. Here’s how our approach could have changed this story:

🔍 24/7 Threat Monitoring via Our Cyber Fusion Center

Our always-on SOC, staffed by human analysts and AI-driven threat models, correlates activity across firewalls, endpoints, and network logs. We flag anomalous behavior before it escalates—ensuring no threat lingers unnoticed for nine months.

🔐 Zero Trust Network Segmentation

Using our vCISO expertise and industry-aligned frameworks, we help agencies implement strict access controls, segmented networks, and “least privilege” design—so even if one node is breached, lateral movement is curtailed.

📊 Configuration File Monitoring & Integrity Checks

We deploy automated tools to monitor changes to sensitive configuration files. If any critical files are exfiltrated, altered, or accessed out-of-policy, we alert and respond in real time.

⚙️ Patch Management and Vulnerability Prioritization

We don’t just scan for CVEs—we help prioritize them based on exploitability in the wild and threat actor behavior. Salt Typhoon’s known vulnerabilities are actively tracked and patched through our managed vulnerability lifecycle services.

Don’t Wait for a Breach to Take Action

This breach of the National Guard was not the result of sophisticated zero-days—it was the result of known vulnerabilities, lack of segmentation, and insufficient monitoring.

If you’re responsible for cybersecurity in a government, military, or critical infrastructure environment, ask yourself:

• Would we know if configuration files were exfiltrated today?

• How long could an attacker linger in our network unnoticed?

• Are we prioritizing the vulnerabilities attackers are actively exploiting?

Blackswan Cybersecurity helps organizations move from reactive to resilient. From full MDR/XDR coverage to compliance-aligned risk assessments, we partner with agencies to detect, defend, and deter persistent threats like Salt Typhoon.

Contact us today to schedule a no-cost cybersecurity posture review. Because in today’s world, hoping your network isn’t the next target isn’t a strategy—it’s a risk.

REFERENCES

• https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-national-guard-to-steal-network-configurations/
• https://federalnewsnetwork.com/federal-newscast/2025/07/salt-typhoon-hackers-compromise-a-states-army-national-guard-network/

Massive Data Breach at Allianz Life Tied to Social Engineering Attack

by jdpoteet | Jul 28, 2025 | News, Blogs

On July 16, 2025, Allianz Life Insurance Company of North America fell victim to a significant cybersecurity incident that has exposed the personally identifiable information (PII) of most of its 1.4 million U.S. customers, financial professionals, and select employees. The breach was the result of a social engineering attack that compromised a third-party, cloud-based CRM system used by the company.

In a disclosure filed with the Maine Attorney General’s office, Allianz stated that it detected the intrusion on July 17 and responded immediately—initiating an investigation, containing the breach, and notifying the FBI. The company emphasized that there is currently no evidence the attacker accessed its internal networks or core systems, including its policy administration system.

The Role of Social Engineering

This breach highlights the continued effectiveness of social engineering tactics, where attackers manipulate individuals into giving up access or credentials, often by impersonating trusted contacts or using other psychological tactics. In this case, the attackers bypassed technical defenses by targeting human vulnerabilities within a vendor environment.

Social engineering remains one of the most pervasive and damaging threat vectors facing enterprises today—particularly in highly regulated industries such as insurance and finance.

Possible Links to Scattered Spider

The attack comes amid a wider campaign of supply-chain and social engineering attacks tied to the threat actor group known as Scattered Spider. The group has been implicated in similar high-profile attacks across the insurance sector, including recent breaches at Aflac, Erie Insurance, and Philadelphia Indemnity Insurance.

These coordinated intrusions underscore the growing sophistication of cybercrime groups targeting managed service providers and cloud vendors—creating ripple effects across multiple client environments.

What’s Next for Allianz and Its Customers?

Allianz Life, a subsidiary of German financial services giant Allianz SE, is continuing to assess the scope of the breach. While a placeholder notification has been filed, the company plans to issue formal notifications once all impacted individuals have been identified. They are also offering assistance and support to those affected.

Blackswan Takeaway: The Supply Chain is the New Frontline

This incident is yet another reminder that third-party vendors can become the weakest link in an otherwise secure environment. Even large enterprises with strong cybersecurity postures are vulnerable when partners and suppliers are compromised.

At Blackswan Cybersecurity, we advocate a layered defense strategy that includes:

• Continuous vendor risk assessment

• 24/7 monitored detection and response

• Social engineering awareness training

• Zero trust architectures

• Proactive threat hunting and forensic analysis

As the threat landscape evolves, organizations must think beyond their own perimeter. Cybersecurity is not just an internal responsibility—it’s an ecosystem obligation.

Need help securing your extended supply chain?
🔍 Book a free Cyber Risk Consultation with Blackswan today and test drive our 24/7 monitored detection and response services powered by our North Texas-based Cyber Fusion Center.

SOURCES:

• https://www.bbc.com/news/articles/cd6nyng861wo
• https://www.usatoday.com/story/tech/2025/07/28/us-customers-data-stolen-cyberattack-allianz-life/85406949007/