Carnival Corporation, largest cruise operator in the world with over 150,000 employees and 13 million guests annually, has been hit with a ransonware attack expsoing data of customers and employees. Cybersecurity experts reacted below.
EXPERTS COMMENTS
Anurag Kahol, CTO, Bitglass
August 18, 2020
The travel industry is an extremely attractive target to cybercriminals, as they can collect and store personally identifiable information (PII) on billions of passengers every year, including passport numbers, credit card information, email addresses and much more. Whilst it’s unclear at this time how the hackers infiltrated Carnival’s systems, they have said the attackers "accessed and encry ....The travel industry is an extremely attractive target to cybercriminals, as they can collect and store personally identifiable information (PII) on billions of passengers every year, including passport numbers, credit card information, email addresses and much more. Whilst it’s unclear at this time how the hackers infiltrated Carnival’s systems, they have said the attackers "accessed and encrypted a portion of one brand's information technology systems," and that the intruders also downloaded files from the company's network. To thwart ransomware attacks and mitigate their impact, all organisations need advanced threat protection. Organisations should leverage security solutions that can identify and remediate both known and zero-day threats on any cloud application or service, and protect managed and unmanaged devices that access corporate resources and data. This includes solutions that can automatically block malware in the cloud that is both at rest or in transit. Additionally, organisations must ensure adequate employee security training to identify phishing attempts and illegitimate emails as phishing is the primary vector for ransomware attacks.
Tim Bandos, Vice President of Cybersecurity, Digital Guardian
August 18, 2020
Ransomware is incredibly dangerous as it not only encrypts sensitive data, rendering it inaccessible, but it can also disrupt critical applications and systems, causing major outages and stoppages in operations. We can expect cybercriminals to continue to exploit common vulnerabilities in these types of opportunistic ransomware campaigns - and we strongly encourage companies to patch vulnerabiliti ....Ransomware is incredibly dangerous as it not only encrypts sensitive data, rendering it inaccessible, but it can also disrupt critical applications and systems, causing major outages and stoppages in operations. We can expect cybercriminals to continue to exploit common vulnerabilities in these types of opportunistic ransomware campaigns - and we strongly encourage companies to patch vulnerabilities as quickly as they can while ensuring all systems and programs are up to date.
Richard Cassidy, Senior Director of Security Strategy , Exabeam
August 18, 2020
A recent report revealed that 82% of SOCs are confident in their ability to detect cyberthreats, but with 40% also reporting staff shortages and only 22% of frontline workers tracking dwell time, it’s no surprise attacks like this keep happening. Compounding this issue, the sophistication of criminals and easy access to ransomware-as-a-service (RaaS) are rising, so we can expect to see this inc ....A recent report revealed that 82% of SOCs are confident in their ability to detect cyberthreats, but with 40% also reporting staff shortages and only 22% of frontline workers tracking dwell time, it’s no surprise attacks like this keep happening. Compounding this issue, the sophistication of criminals and easy access to ransomware-as-a-service (RaaS) are rising, so we can expect to see this increase in ransomware attacks continue throughout 2020. In fact, some experts predict that by the end of 2021, ransomware will hit a business every 11 seconds. The best defense against ransomware is a good offense through proactive prevention and mitigation. Behavioral modeling through user and entity behaviour analytics is one of the most effective approaches. The goal is to monitor certain behaviors on a regular basis in order to recognise what is normal for users and devices on the network. This makes it easier to detect unusual behaviour that could be the result of a ransomware attack. Typically a ransomware attack takes several stages, making early detection possible with the right solution.
