As if times weren’t hard enough for the travel industry, BleepingComputer revealed that the cruise line operator Carnival Corporation has disclosed that one of their brands suffered a ransomware attack over the past weekend. When it comes to passenger travel, data breaches and ransomware can be especially catastrophic. Biographical information, travel details and potentially passport information are like gold dust on the black market. Perhaps this is why airlines, hotels and cruise operators are so frequently targeted.
Dan Panesar, Director of EMEA for Securonix, stated: “The Carnival data breach is particularly nasty as the hackers have gained access and stolen the ‘holy grail’ of information including personal details, credit cards and social security numbers. All the essentials to perform some pretty nasty identity fraud on its customers. It appears the attackers have used the classic diversion of a ransomware attack to divert attention to the real focus of the attack which was to steal valuable and sensitive data. In today’s security landscape organisations and their security teams are outgunned by the attackers in terms of resources and skills. Security teams need to spend less time managing the systems and more time addressing the threats. One clear way to do this is using behavioural analytics to spot abnormal behaviour before it causes real problems. Secondly, using automation to allow the security team to focus only on the severe or real threats can further strengthen security posture. These can both help reduce the burden on security teams, bring better visibility and allow them to respond and react faster to attacks.”
Carnival states that they detected the ransomware attack on August 15th, but it’s likely that the attackers had access to their network and data for weeks or months prior, searching for and exfiltrating any sensitive data they could find.
Organisations seeking to protect themselves from ransomware attacks must adopt a culture of security that includes regularly scanning for serious security holes and patching them within a week’s time, ensuring that internal controls and monitoring exist to quickly detect and limit a potential attacker’s access, and ensuring that any recovery operations are effective at a mass scale.”