Security Experts On Carnival Hit With Ransomware Attack Exposing Data

Carnival Corporation, the largest cruise operator in the world with over 150,000 employees and 13 million guests annually, has been hit with a ransomware attack exposing data of customers and employees. Cybersecurity experts react below.

Experts Comments

August 18, 2020
Dan Panesar
Director UK & Ireland
Securonix
The Carnival data breach is particularly nasty as the hackers have gained access and stolen the ‘holy grail’ of information, including personal details, credit cards and social security numbers; all the essentials to perform some pretty nasty identity fraud on its customers. It appears the attackers have used the classic diversion of a ransomware attack to divert attention to the real focus of the attack, which was to steal valuable and sensitive data. In today's security landscape, organisations and their security teams are outgunned by the attackers in terms of resources and skills. Security teams need to spend less time managing the systems and more time addressing the threats. One clear way to do this is using behavioural analytics to spot abnormal behaviour before it causes real problems. Secondly, using automation to allow the security team to focus only on the severe or real threats can further strengthen security posture. These can both help reduce the burden on security teams, bring better visibility and allow them to respond and react faster to attacks.
August 18, 2020
Anurag Kahol
CTO
Bitglass
The travel industry is an extremely attractive target to cybercriminals, as they can collect and store personally identifiable information (PII) on billions of passengers every year, including passport numbers, credit card information, email addresses and much more. Whilst it’s unclear at this time how the hackers infiltrated Carnival’s systems, they have said the attackers "accessed and encrypted a portion of one brand's information technology systems," and that the intruders also downloaded files from the company's network. To thwart ransomware attacks and mitigate their impact, all organisations need advanced threat protection. Organisations should leverage security solutions that can identify and remediate both known and zero-day threats on any cloud application or service, and protect managed and unmanaged devices that access corporate resources and data. This includes solutions that can automatically block malware in the cloud that is either at rest or in transit. Additionally, organisations must ensure adequate employee security training to identify phishing attempts and illegitimate emails, as phishing is the primary vector for ransomware attacks.
August 18, 2020
Tim Bandos
Vice President of Cybersecurity
Digital Guardian
Ransomware is incredibly dangerous as it not only encrypts sensitive data, rendering it inaccessible, but it can also disrupt critical applications and systems, causing major outages and stoppages in operations. We can expect cybercriminals to continue to exploit common vulnerabilities in these types of opportunistic ransomware campaigns - and we strongly encourage companies to patch vulnerabilities as quickly as they can while ensuring all systems and programs are up to date.
August 19, 2020
Paul Bischoff
Privacy Advocate
Comparitech
We won't know the real impact of Carnival's breach until the company discloses what information was stolen. The sooner it reveals what customer information was breached, the sooner those customers can take steps to prepare and protect themselves. The longer it waits, the longer cybercriminals will have to launch attacks against affected customers.
August 19, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
This is another case of a company not taking the steps to properly defend their networks against the bad actors of the world. As mentioned by cybersecurity firm Bad Packets, Carnival failed to patch its edge gateway devices and firewalls, even though patches have been available to fix both issues since earlier this year. As for Carnival customers, they will need to keep their eyes open for phishing attempts and other "attacks" designed to separate them from their personal information and hard-earned money, as bad actors may attempt to take advantage of the data gleaned from this attack and the data breach that occurred earlier this year.
August 19, 2020
Chris Clements
VP
Cerberus Sentinel
Attackers move swiftly to exploit critical vulnerabilities. Any organization that is not equipped to locate and patch vulnerable systems in under a week is at a significant risk of compromise from organized hacking groups. Once the network perimeter is breached, it can take skilled hackers little more than a few hours to gain complete control of the victim’s internal network and deploy their ransomware. Victims are left with the choice to either pay the cybercriminals’ extortion demands or attempt to recover operations on their own. Often compromised organizations discover that, even if the attackers did not delete their backups, paying the ransom is both cheaper and faster than attempting recovery on their own. The unfortunate fact is that the normal recovery process, while functional for recovering the occasional failed system, completely fails to work when needing to recover hundreds or thousands of systems at once. Carnival states that they detected the ransomware attack on August 15th, but it’s likely that the attackers had access to their network and data for weeks or months prior to searching and exfiltrating any sensitive data they could find. Organizations seeking to protect themselves from ransomware attacks must adopt a culture of security that includes regularly scanning for serious security holes and patching them within a week’s time, ensuring that internal controls and monitoring exist to quickly detect and limit a potential attacker’s access, and ensuring that any recovery operations are effective at a mass scale.
August 19, 2020
Erich Kron
Security Awareness Advocate
KnowBe4
This is just another example of how ransomware continues to wreak havoc on organizations of all sizes across most any industry. In this case, unfortunately, the strain is one of the newer types that exfiltrates data prior to encrypting the files. In these cases, the data exfiltration is often worse than the file encryption component, as encrypted files can be restored from a backup, but once the data is exfiltrated, it cannot be undone. This one-two punch of data exfiltration and denying access through encryption is only getting worse and resulting in higher ransom demands than ever before. It is important to understand that once the data leaves the organization’s control, unless the data exfiltrated was encrypted by the organization before it was taken, the organization must treat this as a data breach even if they pay the attackers not to publicly release the data. Make no mistake, just because the data is not leaked to the public, it does not mean it will not be sold on the dark web. Carnival is understandably withholding statements at this time as they work to find out the extent of the incident and the potential impact to customers or the organization, a process that does take time. I am hopeful that Carnival will share the information discovered during the investigation, even if it is through an anonymous data sharing entity, in order to help other organizations protect themselves from these types of attacks.
August 18, 2020
Richard Cassidy
Senior Director of Security Strategy
Exabeam
A recent report revealed that 82% of SOCs are confident in their ability to detect cyberthreats, but with 40% also reporting staff shortages and only 22% of frontline workers tracking dwell time, it’s no surprise attacks like this keep happening. Compounding this issue, the sophistication of criminals and easy access to ransomware-as-a-service (RaaS) are rising, so we can expect to see this increase in ransomware attacks continue throughout 2020. In fact, some experts predict that by the end of 2021, ransomware will hit a business every 11 seconds. The best defense against ransomware is a good offense through proactive prevention and mitigation. Behavioral modeling through user and entity behaviour analytics is one of the most effective approaches. The goal is to monitor certain behaviors on a regular basis in order to recognise what is normal for users and devices on the network. This makes it easier to detect unusual behaviour that could be the result of a ransomware attack. Typically a ransomware attack takes several stages, making early detection possible with the right solution.