In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed the full timeline or technical details of the assault, what we do know tells us quite a bit about the current threat landscape - and offers lessons for other enterprises on how to protect themselves.

On September 8, 2018, an internal security tool flagged as suspicious an attempt to access the internal guest reservation database for Marriott’s Starwood brands, which include the Westin, Sheraton, St. This prompted an internal investigation that determined, through a forensics process that Marriott has not discussed in detail, that the Starwood network had been compromised sometime in 2014 - back when Starwood had been a separate company. Marriott purchased Starwood in 2016, but nearly two years later, the former Starwood hotels hadn’t been migrated to Marriott’s own reservation system and were still using IT infrastructure inherited from Starwood, an important factor that we’ll revisit in more detail later.

In their investigation, Marriott found data that the attackers had encrypted and attempted (probably successfully) to remove from the Starwood systems. By November, they had managed to decrypt that data and discovered that it included information from up to 500 million guest records, though those undoubtedly include duplicate records or multiple records pertaining to individual guests. Many of the records include extremely sensitive information like credit card and passport numbers. Now aware of the severity of the breach, Marriott released a statement on November 30, 2018, outlining the basics we’ve described here.

Investigators began scouring the system for clues, and discovered a Remote Access Trojan (RAT) along with Mimikatz, a tool for sniffing out username/password combos in system memory. Together, these two tools could have given the attackers control of the administrator account. It’s not clear how the RAT was placed onto the Starwood server, but such Trojans are often downloaded from phishing emails, and it’s reasonable to guess that might’ve been the case here.

But lurking behind these specific attack vectors lay a series of cultural and business factors that we might label the root cause of the breach. Starwood did not have the best security culture before its acquisition by Marriott; the Wall Street Journal reported that Starwood employees perennially found the reservation system difficult to secure, and in fact a different attacker breached the system in 2015 and wasn’t detected for eight months. What stands out here is not the attack’s success in breaching Starwood’s systems - most security experts today believe it’s almost impossible to keep all attackers at bay all the time - but rather that the attack went undetected for four years.