After the ransacking Attack.Databreach of MongoDB , ElasticSearch , Hadoop , CouchDB , and Cassandra servers , attackers are now hijacking hundreds of MySQL databases , deleting their content , and leaving a ransom note behind asking for Attack.Ransom a 0.2 Bitcoin ( $ 235 ) payment Attack.Ransom . According to breach detection firm GuardiCore , the attacks are happening via brute-force attacks on Internet-exposed MySQL servers , and there 's plenty of those laying around since MySQL is one of today 's most popular database systems . All attacks came from a server in the Netherlands Based on currently available evidence , the attacks started on February 12 , and only lasted for 30 hours , during which time attackers attempted to brute-force their way into MySQL root accounts . Investigators said all attacks came from the same IP address from the Netherlands , 109.236.88.20 , belonging to a hosting company called WorldStream . During their ransacking Attack.Databreach , attackers did n't behave in a constant pattern , making it hard to attribute the hacks to one group , despite the usage of the same IP . For example , after gaining access to MySQL servers , attackers created a new database called PLEASE_READ and left a table inside it called WARNING that contained their ransom demands Attack.Ransom . In some cases , attackers only created the WARNING table and left it inside an already existing database , without creating a new one . Investigators report that attackers would then dump the database 's content and delete it afterward , leaving only the one holding their ransom Attack.Ransom . In some cases , attackers deleted the databases without dumping any data . Attackers have their own website Two ransom notes have been found in the hundreds of confirmed attacks Attack.Ransom , one asking Attack.Ransom victims to get in contact via email and confirm the payment , while the other used a completely different mode of operation , redirecting users to a Tor-hosted website . The two Bitcoin addresses listed in the ransom notes received four and six payments Attack.Ransom , respectively , albeit GuardiCore experts doubt that all are from victims . `` We can not tell whether it was the attackers who made the transactions to make their victims feel more confident about paying Attack.Ransom , '' they said . Be sure the attacker still has your data Just like in the case of the now infamous MongoDB attacks Attack.Ransom that have hit Attack.Ransom over 41,000 servers , it 's recommended that victims check logs before deciding to pay Attack.Ransom and see if the attackers actually took their data . If companies elect to pay the ransom Attack.Ransom , should always ask the attacker for proof they still have their data . None of this would be an issue if IT teams follow standard security practices that involve using an automated server backup system and deleting the MySQL root account or at least using a strong and hard-to-brute-force password . This is not the first time MySQL servers have been held for ransom Attack.Ransom . The same thing happened in 2015 , in a series of attacks Attack.Ransom called RansomWeb Attack.Ransom , where attackers used unpatched phpBB forums to hijack databases and hold websites up for ransom Attack.Ransom .

Breaches involving major players in the hospitality industry continue to pile up . Today , travel industry giant Sabre Corp. disclosed what could be a significant breach Attack.Databreach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments . In a quarterly filing with the U.S. Securities and Exchange Commission ( SEC ) today , Southlake , Texas-based Sabre said it was “ investigating an incident of unauthorized access Attack.Databreach to payment information contained in a subset of hotel reservations processed through our Hospitality Solutions SynXis Central Reservations system. ” According to Sabre ’ s marketing literature , more than 32,000 properties use Sabre ’ s SynXis reservations system , described as an inventory management Software-as-a-Service ( SaaS ) application that “ enables hoteliers to support a multitude of rate , inventory and distribution strategies to achieve their business goals. ” Sabre said it has engaged security forensics firm Mandiant to support its investigation , and that it has notified law enforcement . “ The unauthorized access has been shut off and there is no evidence of continued unauthorized activity , ” reads a brief statement that Sabre sent to affected properties today . “ There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected. ” Sabre ’ s software , data , mobile and distribution solutions are used by hundreds of airlines and thousands of hotel properties to manage critical operations , including passenger and guest reservations , revenue management , flight , network and crew management . Sabre also operates a leading global travel marketplace , which processes more than $ 110 billion of estimated travel spend annually by connecting travel buyers and suppliers . Sabre told customers that it didn ’ t have any additional details about the breach to share at this time , so it remains unclear what the exact cause of the breach may be or for how long it may have persisted . A card involving traveler transactions for even a small percentage of the 32,000 properties that are using Sabre ’ s impacted technology could jeopardize a significant number of customer credit cards in a short amount of time . The news comes amid revelations about a blossoming breach at Intercontinental Hotel Group ( IHG ) , the parent company that manages some 5,000 hotels worldwide , including Holiday Inn and Holiday Inn Express . KrebsOnSecurity first reported in December 2016 that cards used at IHG properties were being sold to fraudsters , but it took until February 2017 for IHG to announce it had found malicious software installed at front-desk systems at just a dozen of its properties . On April 18 , IHG disclosed in an update on the investigation that more than 1,200 properties were affected , and that there could well be more added in the coming days . According to Verizon ‘ s latest annual Data Breach Investigations Report ( DBIR ) , malware attacks on point-of-sale systems used at front desk and hotel restaurant systems “ are absolutely rampant ” in the hospitality sector . Accommodation was the top industry for point-of-sale intrusions in this year ’ s data , with 87 % of breaches within that pattern . “ Apparently , it is not only The Eagles that are destined for a long stay at the hotel , ” Verizon mused in its report . “ The hackers continue to be checked in indefinitely as well . Breach timelines continue to paint a rather dismal picture—with time-to-compromise being only seconds , time-to-exfiltration taking days , and times to discovery and containment staying firmly in the months camp. ” Card-stealing cyber thieves have broken into some of the largest hotel chains over the past few years . Hotel brands that have acknowledged card breaches Attack.Databreach over the last year after prompting by KrebsOnSecurity include Kimpton Hotels , Trump Hotels ( twice ) , Hilton , Mandarin Oriental , and White Lodging ( twice ) . Card breaches Attack.Databreach also have hit Attack.Databreach hospitality chains Starwood Hotels and Hyatt . In many of those incidents , thieves planted malicious software on the point-of-sale devices at restaurants and bars inside of the hotel chains . Point-of-sale based malware has driven most of the credit card breaches Attack.Databreach over the past two years , including intrusions at Target and Home Depot , as well as breaches Attack.Databreach at a slew of point-of-sale vendors . The malicious code usually is installed via hacked remote administration tools . Once the attackers have their malware loaded onto the point-of-sale devices , they can remotely capture Attack.Databreach data from each card swiped at that cash register . Thieves can then sell that data to crooks who specialize in encoding the stolen data onto any card with a magnetic stripe , and using the cards to purchase high-priced electronics and gift cards from big-box stores like Target and Best Buy . Readers should remember that they ’ re not liable for fraudulent charges on their credit or debit cards , but they still have to report the unauthorized transactions . There is no substitute for keeping a close eye on your card statements . Also , consider using credit cards instead of debit cards ; having your checking account emptied of cash while your bank sorts out the situation can be a hassle and lead to secondary problems ( bounced checks , for instance ) .