Highlights

*Hoteliers face evolving social engineering threats like deepfakes and QR phishing.

*Malware and ransomware attacks may rise due to the accessibility of dark web tools.

*Exploits in AI supply chains and unpatched systems pose significant risks.

Overview

Cybercrime is on the rise. 92% of IT professionals report increased attacks. Data breach costs have climbed to $4.45 million—the highest since the pandemic.

As 2024 winds down, hoteliers should gear up for the risks ahead.

To prepare, this week’s feature of the VENZA Echo investigates the anticipated threat landscape for hospitality in 2025.

1. Social Engineering

As the leading cause of data breaches worldwide, social engineering will undoubtedly remain a significant threat to hospitality next year.

These attacks, which leverage psychological manipulation rather than traditional hacking, have steadily evolved in both sophistication and scale and surged by 300% in hospitality in 2024.

Beyond the familiar phishing emails and fake IT phone scams, hoteliers should stay alert to these evolving social engineering tactics:

Advanced Phishing
Phishing scams are becoming increasingly sophisticated. Emerging scams now exploit multiple channels like Telephone-Oriented Attack Delivery (TOAD) or use phishing-as-a-service kits to bypass multi-factor authentication (MFA), adding an extra layer of authenticity.

For hoteliers, the dangers of phishing now extend beyond just leadership and corporate staff. Fraudsters are increasingly targeting front desk and guest service teams for their access to third-party booking platforms, amplifying the risks across operations.

Deepfakes
Hoteliers are no strangers to the dangers of vishing, or phone-based phishing. However, the advent of widely accessible AI tools has transformed this familiar threat into a more formidable danger.

Using voice cloning or “deepfake” technologies, attackers can replicate the voices of trusted individuals with alarming accuracy. Over half of companies in the U.S. and UK have reported financial scams involving deepfake technology. In 2024, the Retail and Hospitality Information Sharing and Analysis Center noted a significant increase in deepfake scams specifically targeting hospitality in particular.

Quishing
QR code phishing, or “quishing,” has seen a dramatic rise in the past few years, becoming a preferred method for attackers to deliver malicious payloads. This technique involves embedding phishing QR codes into emails, posters, or other communication channels, allowing attackers to bypass traditional security measures. When scanned, these codes redirect users to malicious websites or trigger harmful downloads.

This threat continues to grow more prolific, with studies showing almost 2% of all scanned QR codes are malicious.

2. Malware and Ransomware

Malware and ransomware remain one of the most significant cybersecurity threats to hospitality, posing growing risks in 2025. Designed to infiltrate systems and steal data or lock access until a ransom is paid, these threats have already contributed to some of hospitality’s most significant recent breaches.

Attacks are expected to rise driven in part by the growing accessibility of tools like Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) on the dark web, empowering even low-level attackers to execute sophisticated attacks at scale.

Connected devices are expected to reach 18.8 billion by the end of this year, expanding the overall attack surface for malware and ransomware infiltration.

3. AI and Supply Chain Breaches

The booming artificial intelligence (AI) market is transforming hospitality, with many hoteliers leveraging third-party AI platforms to enhance guest experiences and streamline operations.

However, these platforms come with inherent vulnerabilities, particularly in supply chain management, posing a significant risk heading into the new year.

Supply chain vulnerabilities arise when interconnected systems depend on third-party AI tools, creating multiple points of entry for cyberattacks. A compromised vendor or platform can expose the entire chain, leading to breaches or operational disruptions.

Alarmingly, 96% of business executives already believe AI will play a role in enabling breaches within their organisations over the next three years. Their fear is not unfounded, as one study found that 77% of companies using AI experienced a breach in that system in 2024.

Couple this with the inherent vulnerabilities of generative AI and machine learning models, these risks could have serious consequences for hoteliers in 2025.

4. Vulnerability Exploitation

Exploiting vulnerabilities in unpatched or outdated systems has long been a favored tactic of hackers. What makes this an escalating concern for 2025 is the speed at which attackers identify and exploit these vulnerabilities.

Recent studies reveal that proof-of-concept exploits are being weaponized in attacks as quickly as 22 minutes after being publicly disclosed in the CVE catalog, a library of known cybersecurity vulnerabilities.

Adding to this challenge, researchers have begun leveraging AI to discover vulnerabilities in real-world code. While this innovation holds promise for defenders, it also equips attackers with more powerful tools to identify and exploit weaknesses at unprecedented speed.

Conclusion

Heading into 2025, hoteliers must remain vigilant and proactive in addressing the evolving cyber threat landscapes. A clear understanding of these risks and timely action can propel hospitality securely into the new year.

Feeling overwhelmed? Don’t worry. As the leading experts in hospitality cybersecurity and data protection, VENZA offers tailored solutions for defense, ensuring your hotels stay secure, compliant, and ready for the challenges of 2025 and beyond.

***

Take VENZA’s free Phishing Test to assess gaps in your human firewall today!

Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.

***

Want to stay informed? Subscribe to the free VENZA Echo now. You’ll receive a monthly digest with the highlights of our weekly article series and important product updates and news from VENZA.