Cyber Attack History: Marriott International
The cyber attack on Marriott International in November 2018 was a major data breach that exposed the personal information of millions of guests. Here's a detailed breakdown of what happened:
Timeline:
- 2014: Attackers gained unauthorized access to the Starwood Hotels network, which Marriott acquired in 2016.
- September 2018: An internal security tool at Marriott detected an attempt to access the Starwood guest reservation database.
- November 19, 2018: Marriott discovered that unauthorized access had been occurring since 2014 and that guest information had been copied and encrypted.
- November 30, 2018: Marriott publicly disclosed the breach, revealing that up to 500 million guest records were potentially compromised.
What data was affected:
The information exposed varied depending on the individual guest and could include:
- Names
- Email addresses
- Phone numbers
- Passport numbers
- Birthdates
- Arrival and departure dates
- VIP status
- Loyalty program information
- Credit card details (although Marriott later clarified that payment card information for guests who used chip-and-pin technology was not compromised)
Impact:
- This breach is considered one of the largest data breaches in history, affecting millions of people worldwide.
- Marriott faced legal repercussions, including fines from various regulatory bodies and lawsuits from affected individuals.
- The company also incurred significant financial losses due to investigation costs, remediation efforts, and legal settlements.
- The breach damaged Marriott's brand reputation and eroded customer trust.
Key factors contributing to the breach:
- Legacy IT infrastructure: Starwood was still using outdated systems at the time of the acquisition, making them more vulnerable to attacks.
- Limited due diligence: Marriott did not fully assess Starwood's cybersecurity posture before the acquisition.
- Inadequate security measures: Starwood's systems lacked sufficient security controls to detect and prevent unauthorized access.
Aftermath:
- Marriott implemented various security improvements, including upgrading its IT infrastructure and strengthening its cybersecurity defences.
- The company also offered credit monitoring and identity theft protection services to affected guests.
- This incident served as a wake-up call for the hospitality industry, highlighting the importance of robust cybersecurity measures for protecting guest data.
Exploit:
Possible exploit:
- Social engineering: Some sources, like The Register, mention the attackers might have used social engineering to gain access to a single employee's computer. This could involve phishing emails, phone calls, or other tactics to trick the employee into revealing login credentials or installing malware.
Unconfirmed possibilities:
- Remote access trojan (RAT): Some sources suggest attackers might have used a RAT to gain remote access to Starwood's systems before the acquisition.
- Outdated software vulnerabilities: Experts pointed out Starwood's reliance on outdated systems, which left them more exposed to vulnerabilities in those specific software versions.
Unlikely scenario:
- Direct attack on Marriott's systems: There are no reports indicating a direct attack on Marriott's infrastructure, suggesting the initial point of entry was likely within Starwood's network.
Overall:
The exact exploit remains undisclosed, possibly due to ongoing investigations or legal concerns. However, the available information suggests social engineering as a potential entry point, with additional possibilities involving vulnerabilities in outdated software or a RAT.