fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Largest Cruise Line Operator Carnival Confirms Ransomware Data Theft

Largest Cruise Line Operator Carnival Confirms Ransomware Data Theft

Carnival Corporation, the world’s largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack.

Carnival is included in both the S&P 500 and the FTSE 100 indices and it has more than 150,000 employees from roughly 150 countries and over 13 million guests each year.

The company operates nine cruise line brands (Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, Seabourn) and a travel tour company (Holland America Princess Alaska Tours).

The ransomware attack Carnival refers to took place on August 15, 2020, and it was disclosed via an 8-K form filed with the Securities and Exchange Commission (SEC) two days later, on August 17.

At the time, the company said that only one of its brands was affected in the ransomware incident and that it expected that “the security event included unauthorized access to personal data of guests and employees.”

Also Read: How To Check Data Breach And How Can We Prevent It

Data theft confirmed in SEC filing

In a 10-Q form filed with the SEC yesterday, Carnival confirmed that the unknown ransomware gang was able to gain access to personal information of both customers and employees during the attack.

The discovery was made during an investigation led by a major cybersecurity firm hired by Carnival following the August 15 incident. The company also notified data regulators and relevant law enforcement agencies.

“While the investigation is ongoing, early indications are that the unauthorized third-party gained access to certain personal information relating to some guests, employees, and crew for some of our operations,” Carnival said. “There is currently no indication of any misuse of this information.”

“While at this time we do not believe that this information will be misused going forward or that this incident will have a material adverse effect on our business, operations, or financial results, no assurances can be given, and further, we may be subject to future attacks or incidents that could have such a material adverse effect,” Carnival added.

Even though the filing does not name the ransomware strain used to encrypt systems, BleepingComputer knows of more than 22 different ransomware operations that steal and leak sensitive documents and info as part of their attacks.

When contacted by BleepingComputer in August, Carnival said that they are “not planning to discuss anything beyond the 8K filing at this point since it is early in the investigation process.”

Also Read: What Is Pentest Report? Here’s A Walk-through

Vulnerable Carnival Citrix and Palo Alto servers

Cybersecurity intelligence firm Bad Packets discovered several potential points of initial compromise that the ransomware attackers might have used as an entry point into Carnival’s network.

Multiple Citrix ADC (NetScaler) devices and Palo Alto Networks firewalls were found to be vulnerable to CVE-2019-19781 (patched in January 2020) and CVE-2020-2021 (patched at the end of June 2020) exploits, respectively.

Both these vulnerabilities can be used by ransomware gangs as stepping stones to breach a corporate network allowing them to move laterally and collecting credentials needed to take over admin accounts and the Windows domain controller.

Even though Carnival did not disclose if any of these servers were compromised during the August 2020 incident, ransomware gangs are regularly scanning for and exploiting such vulnerable devices in their attacks.

The ransomware attack came after a data breach Carnival announced in March 2020 that led to the exposure of customers’ personal and financial information after an unknown threat actor gained access to employee email accounts.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us