Woesnotgone Meadow; December 15, 2018

Woesnotgone Meadow; December 15, 2018

Most residents in the Meadow don’t travel this time of year. With the snow and potential for more snow, ice, and freezing temperatures, there can be a substantial risk. Once the weather breaks, our town begins to travel more. There is also so much to see in the Meadow, with Jerry’s Ice Skating Rink, how many scoops Margie can actually put on a cone before physics takes over, and of course watching the people passing through at the gas station. When we do travel, we have to stay somewhere to rest and sleep at the final destination. As we travel through the nation, there are a number of different chains to accept our business. One of these is the massive Marriott chain of hotels. For those in the Meadow who did travel and stayed at a Marriott, there may be an issue for them to consider.

Marriott Hotel Chain

The Marriott hotel chain is massive. The chain is global with assets in over a hundred countries. In order for you to reserve a room for the stay, the client uses their Starwood application, which is owned and managed by their Starwood division. The Starwood application also services other hotel brands, other than Marriott. These include W Hotels, Sheraton, Le Meridien, and Four Points by Sheraton. The subject Starwood reservation dB was purchased in 2016 by the Marriott, St. Regis, Westin, Sheraton, and W Hotels entities.

Attack

The Starwood dB was rather integral to the business operations for the hotels using this. This one system was responsible for a significant portion of the revenue. The Starwood reservation database was compromised by an unauthorized party. This occurred in 2014. The successful attackers had complete, unfettered access beginning at that time. It seems a bit odd why the detection would require four years. Some persons would be defensive when this point would be brought up. They may even rationale this based on the size of the network and number of attack points being very large.

The alternative of the reality is a much more viable explanation. This should have been caught much, much sooner. For the time the attackers had access there had to have been a blatant trail within the logs at the least. The users and systems do indeed create a mountain of data to review, analyze, and digest. This would be exceptionally difficult to digest. We have this program though, which has the ability to automate tasks, analyze mass amounts of data, and generally catch things we can’t. This involves a SIEM.

This was only detected by an internal security tool on 9/8/2018. The red flag for this event was someone attempting to access the Starwood dB, who was later found to be not authorized. This entity had copied and encrypted the client’s data. The clients are not only US-based but also those abroad, especially the EU. Marriott was not sure exactly how this happened.

Affected

The targeted dB was copied and encrypted by the attackers. This dB contained the records of up to 500M Starwood clients. These were from the W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, The Luxury Collection, Tribute Portfolio, Le Meridien Hotels & Resorts, and Four Points by Sheraton. The Design Hotels were also participating in the Starwood Preferred Guest Program, as well as Starwood branded timeshare properties. This covers the properties in over 110 countries. For up to 327M of these clients, this data included a combination of name, mailing address, phone number, email address, passport number, account information, date of birth, gender, and arrive/departure data. A portion of these records also may have encrypted payment card information. Although there was encryption, the keys may also have been stolen. With all of this data available for sale, the attackers have a lot of opportunity for misuse.

Based on this oversight, the state of Hawaii has threatened Marriott with fines. Along with this same point, Marriott International may also receive a massive fine of greater than 17M pounds due to this involving the citizens of the EU. Two US-based law firms have also filed class action lawsuits regarding this. Based on the negative news, Marriott’s stock (MAR) dropped nearly 6% in the premarket training.

Who’s to blame?

In theory, any team from across the globe could be the attackers. There are multiple articles reporting the compromise was done by a nation state, who is known for this type of activity. The attackers, however, appear to have also been connected to attacks focused on health insurers.

Remediation

The business is notifying the affected parties. They also notified the UK’s Information Commissioner’s Office (ICO) of the breach. Also, they are working with law enforcement. To address this and offer information, they created a website and stood up a call center to answer questions. They are offering the affected parties in the UK, US, and Canada a year subscription to a fraud-detecting service (WebWatcher). While this has some level of value in the short-term, the attackers still could use this at the one year and one day mark.

Resources

ABC News. (2018, November). Massive, extended data breach at marriott’s starwood hotels. Retrieved from https://abcnews.go.com/Business/wirestore/massive-data-breach-marriotts-starwood-hotel-59516173

Admin. (2018, December 4). Marriott may face GDPR fine of more than 17M. Retrieved from https://www.travelweekly.co.uk/articles/318325/marriott-may-face-gdpr-fine-of-more-than-17m

Associated Press. (2018, November 30). Massive extended data breach at marriott’s starwood hotels. Retrieved from https://www.apnews.com/d496fce7a77347d6aa058470d38a69bc

BBC News. (2018, November). Marriott hack hits 500 million guests. Retrieved from https://www.bbc.com/news/technology-46401890

Brewster, T. (2018, December 3). Revealed: Marriott’s 500 million hack came after a string of security breaches. Retrieved from https://www.forbes.com/sites/thomasbrewster/2018/12/03/revealed-marriotts-500-million-hack-case-came-after-a-string-of-security-breaches/#4d3f82c8546f

Cimpanu, C. (2018, November 30). Marriott reveals data breach affecting 500 million hotel guests. Retrieved from https://www.zdnet.com/article/marriott-announces-data-breach-affecting-500-million-hotel-guests/

Cook, J. (2018, November 30). Private data of 500 million Marriott guests exposed in massive breach. Retrieved from https://www.telegraph.co.uk/technology/2018/11/30/private-data-500-million-marriott-guests-exposed-massive-breach/

Kilgore, T. (2018, November 30). Marriott’s stock sinks after disclosing data breach affecting up to 500 million guests. Retrieved from https://www.marketwatch.com/story/marriotts-stock-sink-after-disclosing-data-breach-affecting-up-to-500-million-guests-2018-11-30

Murphy, I. (2018, December 3). Marriott data breach shows cyber security risks of mergers. Retrieved from https://www.enterprisetimes.co.uk/2018/12/03/marriott-data-breach-shows-cyber-security-risks-of-mergers/

Ortiz, E. (2018, November 30). Marriott says breach of starwood guest database compromised info of up to 500 million. Retrieved from https://www.nbcnews.com/tech/security/marriott-says-data-breach-compromised-info-500-million-guests-n942041

Osborne, C. (2018, December 12). China blamed for Marriott data breach. Retrieved from https://www.zdnet.com/article/china-blamed-for-marriott-data-breach/

Picchi, A. (2018, November 30). Marriott data breach may expose 500 million guests. Retrieved from https://www.cbsnews.com/news/marriott-data-breach-500-million-starwood-guests-hit-by-data-breach/

Snider, M. (2018, November 30). Marriott says as many as 500 million starwood guests data may have been breached. Retrieved from https://www.usatoday.com/story/money/business/2018/11/30/marriott-data-breach-may-affect-500-million-starwood-hotel-guest/

Tarlow, P.E. (2018, December 2). Marriott security breach: The human side of cyber security breaches. Retrieved from https://www.eturbonews.com/239317/marriott-security-breach-the-human-side-of-cyber-security-breaches

Telford, T. (2018, November 30). Marriott discloses massive data breach affecting up to 500 guests. Retrieved from https://www.washingtonpost.com/business/2018/11/30/marriott-discloses-massive-data-breach-impacting-million-guests/

Valinsky, J. (2018, November 30). Marriott says 500 million starwood accounts compromised. Retrieved from https://www.cnn.com/2018/11/30/tech/marriott-hotels-hacked/index.html

Whittaker, Z. (2018, November 30). Marriott says 500 million starwood guest records stolen in massive data breach. Retrieved from https://techcrunch.com/2018/11/30/starwood-hotels-says-500-million-guest-records-stolen-in-massive-data-breach/