Marriott breach impacts 500 million customers: here’s what to do about it

Today Marriott disclosed a large-scale data breach impacting up to 500 million customers who have stayed at a Starwood-branded hotel within the last four years. While details of the breach are still sparse, Marriott stated that there was unauthorized access to a database tied to customer reservations stretching from 2014 to September 10, 2018.

For a majority of impacted customers (approximately 327 million), the breached data includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some of those guests, credit card numbers and expiration dates were also exposed; however, they were encrypted using the Advanced Encryption Standard (AES-128).

You can read more on impact to customers in Marriott’s statement here.

The root cause of the breach is currently unknown, but Marriott indicated that the intruders encrypted the information before exfiltrating the data. Brian Krebs reported that Starwood disclosed its own breach in 2015, shortly after its acquisition by Marriott. At the time, Starwood said that its breach timeline extended back one year, to roughly November 2014. Incomplete remediation of breaches is extremely common, and when it is compounded by the asset management challenges introduced by mergers and acquisitions, it is not unreasonable to see lateral movement and exfiltration after an initial hack.

Starwood properties impacted are as follows:

  • Westin
  • Sheraton
  • The Luxury Collection
  • Four Points by Sheraton
  • W Hotels
  • St. Regis
  • Le Méridien
  • Aloft
  • Element
  • Tribute Portfolio
  • Design Hotels

What should you do about it?

If you’re a customer:

  • Change your password for your Starwood Preferred Guest Rewards Program immediately. Random passwords generated by a password manager of your choice should be most helpful.
  • Review your banking and credit card accounts for suspicious activity.
  • Consider a credit freeze if you’re concerned your financial information was compromised.
  • Watch out for breach-related scams; cybercriminals know this is a massive, newsworthy breach so they will pounce at the chance to ensnare users through social engineering. Review emails supposedly from Marriott with an eagle eye.



If you’re a business looking for tips to prevent getting hit by a breach:

  • Invest in an endpoint protection product and data loss prevention program to make sure alerts on similar attacks get to your security staff as quickly as possible.
  • Take a hard look at your asset management program:
    • Do you have 100 percent accounting of all of your external facing assets?
    • Do you have uniform user profiles across your business for all use cases?
  • When it comes to lateral movement after an initial breach, you can’t catch what you can’t see. The first step to a better security posture is to know what you have to work with.

In a world where it seems breaches cannot be contained, consumers and businesses once again have to contend with the aftermath. Our advice to organizations: Don’t become a cautionary tale. Save your customers hassle and save your business’ reputation by taking proactive steps to secure your company today.

The post Marriott breach impacts 500 million customers: here’s what to do about it appeared first on Malwarebytes Labs.

Instagram Ransomware attack

This news has been reported by outlets all over the world. At least 5 high-profile Instagram accounts have been hacked by the syndicates, and the users are locked out. The hackers are demanding ransom in the form of Bitcoin, and the worst part is that the company is silent on the issue.

The hackers also threatened to delete the account within 3 hours if the ransom is not paid, though nothing of this kind has been reported. “Your Account has been Hacked” is the message being displayed, leaving the users in despair and anguish. According to some Instagrammers, they are going through emotional turmoil. “There is no hope of account restoration,” one influencer added.

FBI numbers on hacking

There are about 18,855 law enforcement agencies working in the US. The computer crime data compiled by the FBI shows that about 64 cases of hacking have been registered in the country. This data was provided by 189 agencies that collaborate directly with the FBI. It is worth mentioning that the data is based on both the old-style UCR and the new NIBRS.

The actual figure in the NIBRS section of the FBI website is staggering: it shows that 6191 incidents of crimes against property were committed in 2017, of which 64 are classified as hacking. For detailed information, visit the NIBRS website and filter the results by Law Enforcement Agency Type to get a clear view of the situation.

Satori Botnet developer arrested

Kenneth Currin has been arrested by the Feds; the hacker is the alleged developer of the malicious Satori botnet malware. He has been charged under the Computer Fraud and Abuse Act for causing damage to a number of systems. In addition, the malware affected about 500,000 routers all over the world, scanning the hardware to collect confidential user information.

His full name and address were published online by his rivals, which made it easy for the Feds to nab him. Some specialists are of the view that he used his home IP, which became a major cause of his arrest, and that the story of the name publishing is just a hoax. Kenneth lives with his father and suffers from Asperger Syndrome.

Malware to survive OS reinstalls

One of the best things that can be done once a computer is affected by malware is to reinstall the OS. This is no longer the case, as Russian hackers have developed malware that corrupts the roots of the hard drive. In such a case, even an OS reinstall would not remove it at all. Most of the affected systems in this regard would have Windows installed, which shows how vulnerable this OS really is.

In addition to the root directory, the Unified Extensible Firmware Interface (UEFI) of the computer also gets corrupted. The only way out of this is to keep the firmware updated so that no vulnerability is left.

Katko presents the bill on electoral hacking

The Defcon conference presentation of the US voting machine hack was enough to open the eyes of the authorities. Now US Rep. John Katko has presented a bill on the vulnerability to make sure that the elections remain fair and square. Dr. Alex Halderman was the one who demonstrated the hacking, urging the rep to press the bill as soon as possible.

The malware was installed within the machine and the live demo showed that the results can be altered to the extent the hackers want. This means the overall impact would be great and it would change the course of elections altogether. Dr. Halderman is of the view that in these midterm elections paper ballots should be used to maintain the integrity of the elections and keep them out of the reach of hackers.

Feds use of hacking as a tool

Private companies have been hired by the US government to develop hacking tools that can be used by the Feds to track and take down criminals. The department is also working rigorously to develop tools that would track internet history, communications and even sensitive data like personal files.

The aim is to develop tactics that nab internet-based criminals well before they commit any crime. The FBI has also invested about $1 million to develop and source hacking software that will read the data even if the phones are locked. Users, on the other hand, have not been told to what extent such technologies will work.

Midterm elections can be jeopardized by the hackers

The optical scan ballot papers and the electronic voting machines are all vulnerable to hacking. This could affect the midterm elections that are planned for November 6th this year. Not just one or two but thousands of machines are vulnerable, and this can leave the experts devastated once an incident happens. The optical scan ballot machines are also not safe, and the problem is the USB ports that are attached.

The states have not upgraded the election hardware owing to budget cuts and constraints. The Defcon conference also demonstrated the hack of electronic voting machines within 15 minutes, leaving the experts baffled. The system is vulnerable and only time will tell how effectively it performs during crises of any kind.

North Korean citizen charged with hacking

Park Jin has been charged by the US government with conspiring against the biggest corporations in the USA, namely Sony. The company suffered a data breach in 2014, and the US has now also blamed the Reconnaissance General Bureau of North Korea for the activity. The hackers don’t live in or operate from North Korea.

According to the intelligence reports, some of the operatives live in China while the others live in Malaysia due to better internet access. The notorious Lazarus Group has been created to destabilize the US military networks and the Pentagon by simultaneous attacks from all over the world. North Korea has denied all such claims.

Ransomware attack on Ontario town office

It has been reported that the computer network held hostage by the hackers has been released, as the Ontario town office has paid the desired amount. The office is now in the process of server reconfiguration. The remote takeover by the hackers was carried out with the help of a malicious email attachment. The office did not disclose the number of Bitcoins transferred to the hacker wallet.

The residents of the town are of the view that the office should not have paid the ransom, as it will further foster the activities of the hackers. According to some sources, it would take a full 48 hours before the systems are up and running.

Russian hacker extradition to the US

Andrei Tyurin, aged 35, has been extradited to the USA on charges of espionage and computer hacking. The sensitive info of about 100 million customers was published as a result of a single attack that exploited loopholes in the networks. The financial institutions of the USA suffered the most, and the hacker got away with a profit of $18 million.

He is also suspected of operating an illegal online casino with payment gateways integrated. This was used for money laundering on behalf of criminal syndicates and illegal pharmaceutical companies from all over the world. The FBI is of the view that the extradition of Tyurin is a lesson for those engaged in similar activities.

The Equifax Breach

A failure to patch software led to the Equifax breach that occurred last year, but it is not the sole reason. About 145 million customers were affected in total, and it is considered to be a disaster for the IT security department of the company. The customers of the company are asking how the hackers moved through the systems so smoothly.

This question has been answered by the report published by the US Government Accountability Office (GAO). This 40-page report provides an in-depth study of the breach. The office is of the view that the patching failure is not the only cause of the problem. A lack of reporting structure and collaboration was another reason for the issue. The other reasons also include a lack of data governance and IT asset management.

Skype Vulnerability allows Hackers to Execute Arbitrary code on Victim’s Machine

Skype Vulnerability

Security researchers have discovered a flaw in Skype that could enable hackers to run code on a target system, phish for credentials and crash applications.

According to Zacharis Alexandros, an independent researcher, a bug in Skype was discovered in January, but it has only recently been brought to light following the successful patch of the problem by Microsoft. He dubbed the bug Spyke.

In a blog post (at time of publication, the article on LinkedIn (also owned by Microsoft) appears to have disappeared – here is a cached page), Alexandros said the problem mainly affected the Windows version of the VoIP application and that, to mount an attack, a hacker would need local access to the login screen of a running Skype instance.

He said that the vulnerability targets the fact that a Skype instance contains an embedded Internet Explorer browser used for authentication purposes. An attacker can circumvent the normal authentication process and abuse the “Login via Facebook” function to fingerprint the internal browser (IE), execute code in the context of the Skype process, phish credentials, and over communication traces.

He added that any system using Skype Client and older versions that allow Facebook Login as an option are vulnerable. “Systems that use Skype and are publicly reachable like info kiosks or smart TV appliances, are particularly more attractive than local private systems (PCs) in order to be used for phishing attacks,” he warned.

The researcher also uploaded a video showing a proof of concept where code can be taken from Facebook’s developer site from inside Skype and crash the app. A hacker could also replace the login with a fake one to phish for a victim’s credentials.

Snapchat Data Breach

1.7M Snapchat user details Posted in India Data Breach

  • Snapchat CEO Evan Spiegel might want to tone down his comments while discussing the target demographic for his app, to handle a Snapchat data breach instead.
  • A former employee at Snapchat, instigating a lawsuit, told a Los Angeles court that Spiegel interrupted him as he was making a presentation about the app’s growth prospects overseas. “This app is only for rich people. I don’t want to expand into poor countries like India and Spain,” Spiegel said, according to Anthony Pompliano, who worked at the company for three weeks after moving over from Facebook’s product team.
  • After the alleged comments from Spiegel appeared in Variety, hackers in India, as yet unidentified, took the disparaging remarks personally and in an apparent act of revenge claimed to have posted personal details of 1.7 million Snapchat users online, according to a report on UK site Independent.

Almost Half of UK firms hit by Cyber Breach or Attacks in the Past Year

Attacks Hit Many UK Firms

  • Government report says seven in ten large companies identified a breach or attack with firms holding personal data more likely to be attacked primarily by fraudulent emails, followed by viruses and
  • Businesses large and small are being urged to protect themselves against cyber-crime after new government statistics found more than half of all UK businesses suffered a cyber-breach or attack in the past 12
  • The Cyber-Security Breaches Survey 2017 reveals nearly seven in ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and in some cases reaching
  • The survey also shows businesses holding electronic personal data on customers were much more likely to suffer cyber-breaches than those that do not (51% compared to 37%)
  • The Cyber-Breaches Survey is part of the UK government’s five-year national cyber-security strategy to transform this country’s cyber-security and to protect the UK online. As part of the strategy, the government recently opened the new National Cyber-Security Centre (NCSC), a part of

Callisto Group Hackers targeted Foreign Office Data

The UK’s Foreign Office was targeted by highly motivated and well-resourced hackers over several months in 2016.


  • The government has investigated the previously unreported attack that began in April last year. However the UK’s National Cyber Security Centre would not say whether data was
  • Research published on Thursday by cybersecurity firm F-Secure suggested the attack was a “spear-phishing” campaign, in which people were sent targeted emails in attempts to fool them into clicking a rogue link or handing over their username and
  • To do this, the attackers created a number of web addresses designed to resemble legitimate Foreign Office websites, including those used for accessing
  • F-Secure does not know whether the attack was successful. The company says the domains were created by hackers that it calls the Callisto Group, which it says is still active.

Hack Attacks on UK Businesses Cost Investors £42bn

A typical FTSE 100 firm is worse off by an average of £120m after a hack or breach.


  • Risks relating to cyber security have risen to the top of the corporate agenda in recent years but few company leaders are aware of the full extent of the possible damage that data breaches can cause.
  • A new study commissioned by cyber security firm CGI and conducted by Oxford Economics, has found that companies’ share prices fall by an average of 1.8 per cent on a permanent basis following a severe breach – where large amounts of sensitive information are
  • This means a typical FTSE 100 firm is worse off by an average of £120m after a breach, according to the
  • Oxford Economics compiled the data using the Gemalto Breach Index – a register of publicly disclosed cyber security
  • Some 315 breach events were examined in total with a focus on 65 “severe” and “catastrophic” breaches occurring since 2013 across seven global stock exchanges. The analysis found that investors have lost at least £42bn due to severe public domain cyber security incidents since 2013.

Wonga Data Breach Hack

Wonga Data Breach Hack ‘affects 245,000 UK Customers’


  • The payday loan firm Wonga has suffered a data breach hack which may have affected up to 245,000 customers in the UK.
  • The firm said it was “urgently investigating illegal and unauthorised access to the personal data of some of its customers”.
  • The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes. The range of information stolen may also include the last four digits of customers’ bank cards – information used by some banks as part of the login process for online accounts.
  • Prof Alan Woodward, a cybersecurity expert at the University of Surrey, said it was “looking like one of the biggest” data breaches in the UK involving financial information.
  • A further 25,000 customers in Poland were also potentially affected. In a statement, the firm said: “We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.”
  • Wonga said it did not believe the attackers had gained access to users’ loan accounts, but warned them to be vigilant.
  • The lender, which provides short-term loans, said it had become aware of the breach last week but at that time thought no data was involved.