Introduction
Marriott International suffered a significant data breach in 2020, compromising the personal information of approximately 5.2 million guests (Wired, 2020). This report analyzes the incident, identifying the affected parties, nature and severity of the attack, threat actors, indicators of compromise, and lessons learned.
Incident Overview
The breach occurred in early 2020, with unauthorized individuals accessing guest data using stolen employee login credentials (Wired, 2020).
Incident Analysis
Affected Parties: 5.2 million Marriott guests.
Nature and Type of Cyber Attack: Unauthorized access incident involving sensitive customer data.
Severity of the Cyber Attack: Significant, with potential for identity theft and fraudulent activity.
Threat Actors and Their Motives: Unknown, but possibly financial gain or espionage.
Identified Indicators of Compromise (IOCs): Unusual login activity, data exfiltration patterns, unusual network activity, and suspicious processes.
Elements of Security Compromised (C.I.A. Triad): Confidentiality, Integrity, and Availability.
Systems, Data, or Users Affected: Guest reservation system and personally identifiable information (PII).
Vulnerability or Vulnerabilities Exploited: Weak passwords, insufficient authentication measures, and compromised user accounts.
Actions Taken by Marriott
Marriott engaged external experts to investigate and contain the breach, notified affected customers, and offered identity monitoring services.
Lessons Learned
Regularly review and update authentication processes and access controls
Implement multi-factor authentication.
Continuously monitor for anomalous behaviour.
Prioritize employee cybersecurity awareness training.
Regularly assess and update security systems and protocols to address emerging threats and vulnerabilities.
Carry out regular penetration tests.
Maintain robust incident response and communication plans.
Implement strong password policies.
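The indicators listed under Incident Analysis (unusual login activity, data exfiltration patterns) and the recommendation to continuously monitor for anomalous behaviour can both be turned into concrete detection logic. The following is an added example, not part of the original report and not Marriott's tooling; it runs over a constructed authentication/session log in an assumed `key=value` format and flags three patterns per account: a burst of failed logins followed by a success (credential-stuffing or password-guessing against a stolen account list), a successful login from a location never seen for that account, and a session whose outbound data volume dwarfs the account's own history. All thresholds, field names and sample values are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real Marriott data). Assumed line format:
#   <ISO timestamp> user=<id> src_country=<CC> result=<success|failure> bytes_out=<n>
# "ZZ" is a deliberately fictitious country code used as the anomalous source.
SAMPLE_LOG = """\
2020-01-14T08:01:00 user=jdoe src_country=US result=success bytes_out=20000
2020-01-14T09:10:00 user=jdoe src_country=US result=success bytes_out=18000
2020-01-15T08:05:00 user=jdoe src_country=US result=success bytes_out=22000
2020-01-15T08:30:00 user=asmith src_country=GB result=success bytes_out=15000
2020-01-16T02:00:00 user=jdoe src_country=ZZ result=failure bytes_out=0
2020-01-16T02:00:30 user=jdoe src_country=ZZ result=failure bytes_out=0
2020-01-16T02:01:00 user=jdoe src_country=ZZ result=failure bytes_out=0
2020-01-16T02:01:30 user=jdoe src_country=ZZ result=failure bytes_out=0
2020-01-16T02:02:00 user=jdoe src_country=ZZ result=failure bytes_out=0
2020-01-16T02:02:30 user=jdoe src_country=ZZ result=success bytes_out=4800000
2020-01-16T10:00:00 user=asmith src_country=GB result=success bytes_out=16000
"""

LINE_RE = re.compile(
    r"^(\S+) user=(\S+) src_country=(\S+) result=(success|failure) bytes_out=(\d+)$"
)


def parse_log(text):
    """Parse log lines into event dicts, sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # never let one bad line stop the whole detection pass
        ts, user, country, result, nbytes = m.groups()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "country": country,
            "ok": result == "success",
            "bytes": int(nbytes),
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_anomalies(events, fail_threshold=5, fail_window=timedelta(minutes=10),
                     exfil_factor=10, min_history=3):
    """Return a list of alert dicts for the three IOC patterns, evaluated per user.

    Thresholds are illustrative assumptions: 5 failures within 10 minutes,
    a transfer larger than 10x the user's mean, and at least 3 prior sessions
    before a volume baseline is trusted.
    """
    alerts = []
    seen_countries = defaultdict(set)     # user -> countries of prior successful logins
    recent_failures = defaultdict(list)   # user -> timestamps of recent failed logins
    session_bytes = defaultdict(list)     # user -> bytes_out of prior successful sessions

    for e in events:
        user = e["user"]
        if not e["ok"]:
            recent_failures[user].append(e["ts"])
            continue

        # 1. Failure burst immediately followed by a success (guessing/stuffing).
        cutoff = e["ts"] - fail_window
        fails = [t for t in recent_failures[user] if t >= cutoff]
        if len(fails) >= fail_threshold:
            alerts.append({"type": "failure_burst_then_success", "user": user,
                           "ts": e["ts"], "failures": len(fails)})
        recent_failures[user] = []  # a success closes the current burst window

        # 2. Successful login from a country never seen for this account.
        if seen_countries[user] and e["country"] not in seen_countries[user]:
            alerts.append({"type": "new_login_location", "user": user,
                           "ts": e["ts"], "country": e["country"]})
        seen_countries[user].add(e["country"])

        # 3. Outbound volume far above the account's own historical mean.
        history = session_bytes[user]
        if len(history) >= min_history:
            mean = sum(history) / len(history)
            if e["bytes"] > exfil_factor * mean:
                alerts.append({"type": "outsized_data_transfer", "user": user,
                               "ts": e["ts"], "bytes": e["bytes"], "baseline_mean": mean})
        history.append(e["bytes"])

    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample log the three alerts all fire for the same account within a few minutes, which is exactly the correlation a SOC would want surfaced as one incident rather than three unrelated events. The per-user baselines are built from the log itself, so the first few sessions of a new account never alert on volume; in production the baseline would be persisted across runs rather than rebuilt each time.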
Conclusion
The Marriott data breach highlights the ongoing challenges organizations face in protecting sensitive customer data. It is crucial for organizations to learn from incidents like this, improve their cybersecurity defenses, and prioritize protecting customer data to safeguard their reputation and maintain customer trust.
References
1. Bowen, P., Hash, J., & Wilson, M. (2006). Information Security Handbook: A Guide for Managers. NIST SP 800-100. National Institute of Standards and Technology, Gaithersburg, MD. DOI: 10.6028/NIST.SP.800-100.
2. Bright, P. (2011, 15th February). Anonymous Speaks: The Inside Story of the HBGary Hack. Retrieved 9th March 2017 from https://attack.mitre.org/techniques/T1586/.
3. Federal Trade Commission. (2023). Data Breach Response: A Guide for Business. Retrieved 9th September 2023 from https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business.
4. Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide. NIST SP 800-61r2. National Institute of Standards and Technology, Gaithersburg, MD. DOI: 10.6028/NIST.SP.800-61r2.
5. ISO/IEC. (2016). ISO/IEC 27035:2016 - Information technology - Security techniques - Information security incident management.
6. ISO/IEC. (2013). ISO/IEC 27002:2013 - Information technology - Security techniques - Code of practice for information security controls.
7. MITRE. (2023). MITRE ATT&CK® Framework.
8. National Institute of Standards and Technology. (2018). Cybersecurity Framework version 1.1. Retrieved 5th September 2023. DOI: 10.6028/NIST.CSWP.04162018.
9. Microsoft. (2022, 22nd March). DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction. Retrieved 23rd March 2022 from https://attack.mitre.org/techniques/T1586/.
10. Reuters. (2023). ICO fines Marriott 18.4 million pounds for failing to secure customer data. Retrieved 18th September 2023 from https://www.reuters.com/article/us-marriott-intnl-ico-idUSKBN27F1LH.
11. Santos, O. (2020, 19th October). Attackers Continue to Target Legacy Devices. Retrieved 20th October 2020 from https://attack.mitre.org/techniques/T1056/001/.
12. Temoshok, D. (2022). Digital Identity Guidelines: Authentication and Lifecycle Management. NIST SP 800-63B-4 ipd. National Institute of Standards and Technology, Gaithersburg, MD. DOI: 10.6028/NIST.SP.800-63B-4.ipd.
13. Tinaztepe, E. (n.d.). The Adventures of a Keystroke: An in-depth look into keyloggers on Windows. Retrieved 27th April 2016 from https://attack.mitre.org/techniques/T1056/001/.
14. Wilson, M., & Hash, J. (2003). Building an Information Technology Security Awareness and Training Program. NIST SP 800-50. National Institute of Standards and Technology, Gaithersburg, MD. DOI: 10.6028/NIST.SP.800-50.
15. Wired. (2020). "Marriott Hacked, Yes Again." Retrieved 17th July 2023 from https://www.wired.com/story/marriott-hacked-yes-again-2020/.
Contact US
Find out how CPAF can help your organisation mitigate cybersecurity risks and avert cyber threats. Benefit from our information security audits, cybersecurity penetration tests, digital forensics services and more.
Email: adminsitrator@africacpaf.com