At this point in time, a majority of the nations are not focused
on leisure. At some point in the future, society will get back to some form of
normal. At that point, we may look to recreational activities to assist with
our decompression after being isolated for our extended time. One activity
that increases in activity may be the cruise industry. One of the largest
companies in the sector is Carnival Corporation. The business operates more
than 100 vessels and is based in Florida. The vessels have brands that we all
recognize, such as Carnival Cruise Lines, Princess Cruises, Costa Cruises, and
AIDA.
Issue
The corporation holds a massive amount of data from
operations (revenue, accounts receivable, accounts payable, vendor lists,
banking information, etc.) and clients (name, address, credit card numbers,
when their cruise will be, etc.). This made the cruise corporation a prime
target. The attack was detected on August 15, 2020. The company notified law
enforcement and began to investigate. To fill their expertise gaps, they contracted
with other incident response persons. The corporation was required to notify
the U.S. Securities and Exchange Commission (SEC) since this is publicly
traded.
Breach
As this was a successful attack, their defenses were
breached. The attackers were able to access and encrypt a portion of the data
on their servers. This should sound unfortunately familiar as this is yet
another successful ransomware attack. The attackers also downloaded files. This
data likely included the personal data of guests and employees. The curious
wrinkle with this is there may be a greater issue than just with the SEC if the
guests and/or employees were EU citizens, with the GDPR in effect.
The odd part of this is they are not sure how far the breach
went. The corporation believes this only affects one brand. Seemingly, they
should know if more than one brand’s data was accessed. There are logs for the
SIEM to examine, unless the attacker modified these.
Pattern
This is not Carnival’s first experience with a breach. Two
of their brands, Holland America Line and Princess Cruises, appear to have been
breached in 2019.
Ransomware has become such a mountain of a nightmare over
the last four years. This is another example of what can happen with a simple error
on the part of an employee.
Resources
BNP Media. (2020, August 18). Carnival corporation hit by
ransomware.
Grieg, J. (2020, August 19). Carnival cruises hit with a
costly ransomware attack. Retrieved from https://www.techrepublic.com/article/carnival-cruises-hit-with-costly-ransomware-attack/
Maritime Executive. (2020, August 17). Carnival corporation
reports ransomware attack accessed data. Retrieved from https://www.maritime-executive.com/article/carnival-corporation-reports-ransomware-attack-accessed-data
Mogg, T. (2020, August 18). World’s largest cruise line
operator hit by cyber attack. Retrieved from https://www.digitaltrends.com/computing/worlds-largest-cruise-line-operator-hit-by-cyberattack/
Norton, T. (2020, August 19). Carnival corp brand hit by
ransomware attack. Retrieved from https://www.travelpulse.com/news/cruise/carnival-corp-brand-hit-by-ransomware-attack.html
Travolution. (2020, August 19). Carnival corporation cruise
line brand his by ransomware attack. Retrieved from https://www.travolution.com/articles/116486/carnival-corporation-cruise-line-brand-his-by-ransomware-attack
Vigayan, J. (2020, August 18). Ransomware attack on carnival
may have been its second compromise this year. Retrieved from https://www.darkreading.com/attacks-breaches/ransomware-attack-on-carnival-may-have-been-its-second-compromise-this-year/d/d-id/1338696
No comments:
Post a Comment