Originally reported by ZDNet, the hotel chain Marriott has been fined £18.4 million by the UK's Information Commissioner's Office (ICO) following a four-year compromise that ran from 2014 to 2018. The intrusion began with a web shell planted on a system belonging to the Starwood hotel chain and ultimately resulted in the theft of records belonging to roughly 339 million guests. Marriott acquired Starwood and inherited the breach, and its fallout, along with it. Citing the economic impact of COVID-19 and Marriott's response to the incident, the ICO reduced the penalty from the £99,200,396 it had originally proposed.
Enterprise defenders involved in a merger or acquisition should treat the acquired company's network as possibly compromised already and review its security events for evidence of an intrusion in progress, not just for blocked external attacks. An attacker who gets past perimeter controls even once can keep that access for years through RATs, web shells, and other remote access tooling, so monitoring events from internal systems for signs of compromise and hunting regularly for stealthy attackers matters as much as the perimeter itself. Binary Defense provides managed security event monitoring and advanced threat hunting to supplement enterprise defense teams.

For Starwood and Marriott customers, Binary Defense recommends regularly checking for employee and personal exposure from data breaches. Our Counterintelligence service continuously monitors external threats, including employee account exposure from breaches and information posted on Darknet sites. A password manager is also the simplest way to keep every password unique, so that a breach at one site does not turn into account compromise across every other service where the same password was reused.
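The Starwood intrusion started with a web shell, and the kind of internal-event review recommended above can surface one from ordinary web server access logs. The following Python script is an added example written for this digest, not tooling from Binary Defense or from the Marriott investigation. It parses Apache/nginx combined-format log lines and flags script paths that look like web shells: POSTs to server-side scripts living in directories that should only serve static files, POSTs with no Referer (a tool talking straight to the script rather than a browser submitting a form), scripted User-Agents, and a single client driving all traffic to one path. The directory list, User-Agent hints and the log lines themselves are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format. The regex and the heuristics below are
# an added illustration, not tooling from the original post or the ICO report.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SCRIPT_EXTENSIONS = (".php", ".asp", ".aspx", ".ashx", ".jsp", ".jspx", ".cfm")
# Assumed for the hypothetical site: these directories should never serve server-side scripts.
STATIC_DIRS = ("/images/", "/uploads/", "/static/", "/css/", "/js/", "/fonts/")
# User-Agent prefixes typical of scripted clients rather than browsers (assumed list).
TOOL_UA_PREFIXES = ("python-requests", "curl/", "go-http-client", "java/", "wget/")

# Constructed sample log lines (TEST-NET addresses, fictitious hostname); not real data.
SAMPLE_LOG = """\
198.51.100.20 - - [12/Mar/2018:08:01:22 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.20 - - [12/Mar/2018:08:01:30 +0000] "GET /login.php HTTP/1.1" 200 2210 "http://www.example.com/index.php" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.20 - - [12/Mar/2018:08:01:41 +0000] "POST /login.php HTTP/1.1" 302 0 "http://www.example.com/login.php" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.33 - - [12/Mar/2018:08:02:05 +0000] "GET /images/logo.png HTTP/1.1" 200 8843 "http://www.example.com/index.php" "Mozilla/5.0 (Macintosh)"
198.51.100.33 - - [12/Mar/2018:08:02:09 +0000] "POST /login.php HTTP/1.1" 302 0 "http://www.example.com/login.php" "Mozilla/5.0 (Macintosh)"
203.0.113.7 - - [12/Mar/2018:03:14:02 +0000] "POST /images/cache.php HTTP/1.1" 200 412 "-" "python-requests/2.18.4"
203.0.113.7 - - [12/Mar/2018:03:14:09 +0000] "POST /images/cache.php HTTP/1.1" 200 7731 "-" "python-requests/2.18.4"
203.0.113.7 - - [12/Mar/2018:03:15:47 +0000] "POST /images/cache.php HTTP/1.1" 200 1090 "-" "python-requests/2.18.4"
""".splitlines()


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string and normalise case so /Images/Cache.PHP groups with /images/cache.php.
    rec["path"] = rec["path"].split("?", 1)[0].lower()
    return rec


def hunt_webshells(lines):
    """Group requests by script path and return the paths that look like web shells.

    Each finding lists the path, the client IPs that touched it, the request count,
    and the heuristics it tripped. Findings are sorted by number of reasons, highest first.
    """
    by_path = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].endswith(SCRIPT_EXTENSIONS):
            by_path[rec["path"]].append(rec)

    findings = []
    for path, recs in by_path.items():
        posts = [r for r in recs if r["method"] == "POST"]
        clients = {r["ip"] for r in recs}
        reasons = []
        if posts and path.startswith(STATIC_DIRS):
            reasons.append("POST to a script inside a static-content directory")
        if posts and all(r["referer"] in ("-", "") for r in posts):
            reasons.append("every POST lacks a Referer (direct tool access, not a browser form)")
        if any(r["ua"].lower().startswith(TOOL_UA_PREFIXES) for r in recs):
            reasons.append("scripted (non-browser) User-Agent")
        if posts and len(clients) == 1 and len(recs) >= 3:
            reasons.append("a single client drives all traffic to this path")
        if reasons:
            findings.append({"path": path, "clients": sorted(clients),
                             "requests": len(recs), "reasons": reasons})
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for finding in hunt_webshells(SAMPLE_LOG):
        print(f"{finding['path']} ({finding['requests']} requests from {', '.join(finding['clients'])})")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

Run against the constructed sample, the legitimate `/index.php` and `/login.php` traffic trips none of the heuristics, while `/images/cache.php` trips all four. Each rule on its own produces false positives on a real site (plenty of legitimate APIs are called with no Referer from scripted clients), so the value lies in stacking them and in baselining which script paths normally receive POSTs; a script path that appears for the first time in a directory that never held scripts is exactly what this kind of hunt should surface.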