Marriott Breach Exposes More than Just Customer Info
Attivo Networks Blogs

Marriott Breach Exposes More than Just Customer Info

SC media logo

Marriott’s massive data breach exposed more than just 500 million customer records, it is also shining a light on the role cybersecurity needs to play when a firm is in acquisition mode, along with the damage that even one slip up by an employee can have on the entire company.

Marriott has not disclosed exactly how cybercriminals managed to enter the Starwood reservation system compromising 500 million records, but the early action on the breach is leaning toward the malicious actors obtaining employee credentials in some manner and gaining access to the system. And since their presence was in place two years before Marriott’s purchase of Starwood Hotels there was an obvious omission by Marriott during its vetting process of Starwood and its computer network.

The general consensus is the breach did not involve a hack using malware, but a few other possibilities have been broached. Ben Johnson, co-founder and CTO of Obsidian Security, thinks the attacker originally gained entry through an employee error.

“Often threat actors obtain employee-level access and ‘live off the land’, using built-in tools and IT systems to traverse the environment. Furthermore, due to a lot of the reporting being around encrypted data, it’s highly possible that it was a database backup system that was compromised, as the backup systems often have lower security scrutiny than production,” he told SC Media.

Phishing has also popped up as one possible path of attack.

“At this point, we can only speculate, but if I had to guess, phishing would be at the top of the list. My second guess would be a third-party vendor compromise – possibly via phishing or other poor security practices like an unpatched vulnerability – that gave them a foothold within the Starwood enterprise,” said David Pearson, principal threat researcher at Awake Security.

Read more>>>

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free

FAST AND EASY

Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial

GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY

  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise

RSS

Leave a Comment

Your email address will not be published. Required fields are marked *

13 + 5 =

Ready to find out what’s lurking in your network?

Scroll to Top