Mariott Hotels Worldwide Booking Breach
Updated: Dec 3, 2018
This week, Marriott Hotels Guest Reservation System discovered the 2nd largest breach in US history and cybersecurity culture isn’t where it needs to be in 95% of organisations.
DARK WEB TRENDS: THIS PAST WEEK*
Top Source Hits: ID Theft Forums (98%) Top Employee Count: 11-50 employees (36%)
MOST COMMONLY TARGETED INDUSTRIES THIS PAST WEEK*
Hospitality
Hits: 5242 | Targets: Marriott, Starwood Hotels & Resorts Worldwide, Inc., Hyatt Hotels Corporation, Radisson, China Lodging Group
Consumer Goods
Hits: 5207 | Targets: Marriott, Starwood Hotels & Resorts Worldwide, Inc., Intercontinental Hotels Group, Sony Corp, Nordstrom
Service
Hits: 5202 | Targets: Marriott, Starwood Hotels & Resorts Worldwide, Inc., Intercontinental Hotels Group, Loews, PR Newswire
Tourism
Hits: 2912 | Targets: Marriott, Sheraton
Software
Hits: 269 | Targets: Yahoo, Dell Technologies, Inc., Google, Microsoft, Spotify
MOST ACTIVE THREAT ACTORS THIS PAST WEEK*
Inj3ct0r Team
Hits: 66 | Targets: WordPress, Joomla, Twitter, Apache HTTP Server, Symantec
Hezbollah
Hits: 42 | Targets: Israel, Iran, Lebanon, Syria, United States
APT28 Fancy Bear
Hits: 23 | Targets: Democratic National Convention, Democratic National Committee, United States, Germany, United States Senate
Foreign Hackers
Hits: 14 | Targets: United States, Sony Corp, UK Power Grid, Canada, Arizona
MuddyWater
Hits: 9 | Targets: Government of Saudi Arabia, Saudi Arabia, United Arab Emirates, Israel, Iraq
MOST EXPLOITED VULNERABILITIES THIS PAST WEEK **
ExCVE-2017-0147
Hits: 186 | Related products: Microsoft Windows, Windows SMB, Microsoft Windows Server 2008, Microsoft Windows Server, Microsoft Windows Vista
CVE-2011-2140
Hits: 23 | Related products: Adobe Flash Player, Exploit DB, TippingPoint IPS, SourceForge.net, Java
CVE-2016-7255
Hits: 20 | Related products: Microsoft Windows, Microsoft Windows 7, Microsoft Windows 10, Adobe Flash Player, Microsoft Windows 8
CVE-2017-11882
Hits: 15 | Related products: Microsoft Office, AhnLab-V3, Microsoft Equation Editor, Microsoft Windows, Any Run
CVE-2017-0199
Hits: 13 | Related products: Microsoft Office, Microsoft Office Powerpoint, Microsoft Windows, Microsoft Office Word, Wordpad
MOST DISCOVERED MALWARE THIS PAST WEEK*
Samsam
Hits: 15 | Targets: Atlanta, Colorado Department of Transportation, Bitcoin, Allscripts, LabCorp
Wcry
Hits: 11 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, North Korea
KingMiner
Hits: 10 | Targets: Microsoft Windows, Microsoft Windows Server, Monero, Cryptocurrency, Microsoft
ETERNALBLUE
Hits: 9 | Targets: Microsoft Windows, Microsoft Windows 10, Server Message Block , Microsoft Windows 8, Microsoft Windows 7
POWERSTATS
Hits: 8
In Other News:
Marriott Hotels Booking System Breached*
Marriott has taken measures to investigate and address a data security incident involving the Starwood guest reservation database. On November 19, 2018, the investigation determined that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties* on or before September 10, 2018.
On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States. Marriott quickly engaged leading security experts to help determine what occurred. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014.
The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.
The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.
For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.
Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities. “We deeply regret this incident happened,” said Arne Sorenson, Marriott’s President and Chief Executive Officer. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Dark Web Down*
One of the largest hosting services for Dark Web sites has been hacked, with devastating results to the sites that used the service. 100% of the accounts hosted by Daniel’s Hosting were deleted, including the root account. Over 6,500 Dark Web sites were hosted by the service and it is unlikely they will see their data again.
Apple CEO Backs Privacy Laws, Warns Data Being 'Weaponized'*
The head of Apple has endorsed tough privacy laws for both Europe and the U.S. and renewed the technology giant's commitment to protecting personal data, which he warned was being "weaponized" against users. Speaking at an international conference on data privacy, Apple CEO Tim Cook applauded European Union authorities for bringing in a strict new data privacy law in May and said the iPhone maker supports a U.S. federal privacy law .
Cook's speech, along with video comments from Google and Facebook top bosses, in the European Union's home base in Brussels, underscores how the U.S. tech giants are jostling to curry favor in the region as regulators tighten their scrutiny.
Data protection has become a major political issue worldwide, and European regulators have led the charge in setting new rules for the big internet companies.
The EU's new General Data Protection Regulation, or GDPR, requires companies to change the way they do business in the region, and a number of headline-grabbing data breaches have raised public awareness of the issue.
In the U.S., California is moving to put in regulations similar to the EU's strict rules by 2020 and other states are mulling more aggressive laws. That's rattled the big tech companies, which are pushing for a federal law that would treat them more leniently.
Cook warned that technology's promise to drive breakthroughs that benefit humanity is at risk of being overshadowed by the harm it can cause by deepening division and spreading false information. He said the trade in personal information "has exploded into a data industrial complex." "Our own information, from the everyday to the deeply personal, is being weaponized against us with military efficiency," he said. Scraps of personal data are collected for digital profiles that let businesses know users better than they know themselves and allow companies to offer users "increasingly extreme content" that hardens their convictions, Cook said. "This is surveillance. And these stockpiles of personal data serve only to enrich the companies that collect them," he said. "This should make us very uncomfortable. It should unsettle us."
Loyalty Points a ‘honeypot’ for Cyber Criminals*:
What’s moving to the top of fraudsters holiday shopping list this year? Reward points. With banks and credit card issuers making card fraud tougher than ever, fraudsters have set their sights on another target: loyalty points programs. And why not? Loyalty points accounts are easy pickings—typically guarded by little more than a username/password combination, and often forgotten by consumers until they’re ready to use them. Once acquired, they’re easily redeemed for flights, hotel rooms, gift cards and merchandise, or offered for sale on the Dark Web for a fraction of their face value.
Perhaps you have been building up travel points for a family vacation or hotel rewards for a romantic weekend getaway. Unlike your bank or credit card, you are probably not checking the balance on your customer loyalty accounts, and fraudsters could be stealing reward points without you even knowing it. Recent reports of loyalty program-related airline and hotel data breaches suggest these types of attacks are on the upswing, and RSA research supports the idea. Our data analysis of one major dark web marketplace shows that travel/hospitality businesses and rewards programs collectively make up 13 percent of the types of accounts for sale.
Phishing is another source fraudsters use to acquire access to loyalty points accounts. RSA saw a 70% increase in global phishing attacks in Q3 which is typical as fraudsters look to harvest fresh credentials to use during the holiday shopping season. Here’s what you need to know about the kinds of tactics fraudsters are likely to use in these attacks, and how businesses and consumers can fight back.
Postscript
Do It for The Culture According to a report by ISACA* (The Information Systems Audit and Control Association) 95% of organizations find there is a gap between their desired culture surrounding cybersecurity and what their culture actually looks like. This is concerning, especially because 87% of those surveyed said that their organization would be more profitable if their cybersecurity culture improved. What is causing this gap? A variety of factors come into play, including a lack of understanding on the part of leadership, lack of funding, and a lack of employees respecting the cybersecurity procedures.
With the holidays approaching and employees shopping across the web, now is the perfect time to reinforce cybersecurity culture at your organisation. A breach on a popular retail site could lead to a breach within your organization if employees use the same passwords at work and home.
* Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication to the reader for general information only and has compiled the content from a number of sources in the USA and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.