Carnival Corporation, the world’s largest cruise line operator, has confirmed that it was the victim of a ransomware attack that involved the theft of personal information of customers, employees, and ship crewmembers. The ransomware attack took place on August 15th of this year, and a notice was filed with the Securities and Exchange Commission (SEC) two days later, on August 17th. Carnival stated that only one of its nine brands was affected in the attack and that “the security event included unauthorized access of personal data of guests and employees.” Cybersecurity firm Bad Packets discovered several potential points of initial compromise that the attackers may have used to enter Carnival's network. The two main points of possible entry that were found, CVE-2019-19781 and CVE-2020-2021, are vulnerabilities in the Internet-facing servers Citrix ADC and Palo Alto PAN-OS that ransomware gangs can use as stepping stones to breach corporate networks, allowing them to move laterally and collect the credentials needed to access admin accounts on the servers.