500 Million Affected in Marriott Data Breach


Marriott has announced what appears to be one of the larger data breaches in history, a compromise that affects as many as 500 million people and stretches back to an intrusion in the company’s network in 2014.

The breach is staggering in regard to both the number of people potentially affected and the length of time the attackers were on the network. Marriott officials said the intrusion occurred on the Starwood network some time in 2014 and the company only became aware of the compromise in September. Marriott and Starwood merged in 2016, and Marriott officials said the attackers were able to access a database on the Starwood guest reservations system.

The company learned of the intrusion after an internal security system threw an alert about an unauthorized access attempt to the Starwood guest reservation system on Sept. 8. For 327 million people, information compromised in the breach includes names, home addresses, phone numbers, email addresses, some passport numbers, dates of birth, and some payment card information. For the other affected customers, the attackers only had access to names and some address and email address data.

“Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database,” the Marriott statement says.

The company said that the payment card data stolen was encrypted, but Marriott officials aren’t sure whether the attackers were able to steal the private keys needed to decrypt the data.

“For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken,” Marriott said.

It’s highly unusual, if not unprecedented, for a company to signal publicly that encryption keys were taken as part of a data breach. Typically, companies will say that stolen data was either encrypted or in plaintext, but the mention of the possible theft of the encryption keys themselves is rare.

Sophisticated adversaries can dig into networks and stay hidden for some time, as the Marriott attackers appear to have done, and study the environment as they look for valuable information to grab.

"It all boils down to how intelligent the adversary is. If the adversary knew what he or she was targeting and had information about the behavior and environment and behavior patterns, it significantly reduces the chances of getting caught," said Itzik Kotler, CTO of SafeBreach.

In today's atmosphere, everyone understands that they're a target. There's no downside for the attackers in owning your laptop or your network. There's always a reason for the bad guys to hack you. It's always valuable, one way or the other.

Starwood has been affected by data breaches in the past, including one in 2015 that involved attackers planting malware on some point-of-sale terminals in some of the company’s hotel properties. That incident only involved a subset of properties in North America and the attackers were able to get payment card data from hotel front desks, gift shops, and restaurants.

'CopyCat' Malware at Its Peak Contaminated 14m Android Devices

An Android malware strain spread so effectively that at the peak of its attacks, in April-May 2016, it had infected 14m devices and rooted 8m of them.

According to security researchers, the malware, called 'CopyCat', helped earn its creators $1.5m, chiefly via ad fraud, in April-May 2016.

Researchers from Check Point's Mobile Research Team, who detected the malware in March 2017, say that CopyCat primarily infected Android users in Southeast Asia; however, more than 280,000 Android users in the USA were infected too. According to the research, Asia accounted for 55% of CopyCat infections, while Africa, with 18%, ranked No. 2 for the most infected Android devices.

CopyCat diverts the revenue from applications' pop-up ads to the hackers rather than to the app developers. By Check Point's estimate, as many as 4.9m fake applications were installed on infected devices, generating as many as 100m advertisements. Within sixty days, CopyCat brought in more than $1.5m, which went to the cyber-criminals.

Check Point associates the attack with MobiSummer, an app developer and tech startup in China. It isn't clear whether the company was directly involved or had been victimized itself. posted this, July 6, 2017.

Check Point further states that CopyCat is understood to have spread via phishing scams and via widely used applications repackaged with malicious software, which end-users downloaded from third-party application repositories. Once CopyCat infects an Android device, the malware roots the device to gain complete control over it. It then injects code into Zygote, the process that launches applications, to begin loading illegitimate applications onto the device.

To gain these insights, Check Point's researchers retrieved data by accessing CopyCat's command-and-control servers. Reportedly, malicious advertisements were displayed on 3.8 million infected devices, while 4.4 million infected devices were used for "stealing credit" in connection with Google's Play Store referrals.

After its peak in 2016, CopyCat attacks slowed when Google blacklisted the malicious program on Play Protect; however, according to Check Point, infected devices are likely still under the program's influence.

Source: Spamfighter

Josh Bowe, Brand Champion at phx-IT