Ransomware attack hits world’s largest cruise operator – Carnival

The world’s largest cruise operator, Carnival recently disclosed that it has been the victim of a ransomware attack.

The cruise operator, which employs over 150,000 staff worldwide and serves over 13 million guests each year filed an 8-K form with the Securities and Exchange Commission (SEC), confirming the ransomware attack which took place on August 15th.

A section of the filing read as follows:

“On August 15, 2020, Carnival Corporation and Carnival plc (together, the “Company,” “we,” “us,” or “our”) detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files.”

Carnival states that data was downloaded, which could lead to claims from those affected by the breach, and while they are hopeful the attack was not widespread, they are not yet sure of the total implications.

“Although we believe that no other information technology systems of the other Company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other Company’s brands will not be adversely affected.”

While nothing is known yet of the attack vector used by the hackers, ransomware attacks can often be the result of successful spear phishing campaigns. In a recent study, as many as 88% of global organisations are thought to have been hit by spear phishing attacks during 2019.

The necessity for an organisations’ users to undergo security awareness training is fast becoming a reality that some are finding out too late.

Another possible attack vector, as posted on Twitter by cyber-security intelligence organisation Bad Packets, could have been edge gateway vulnerabilities CVE-2019-19781 and CVE-2020-2021, affecting Citrix servers and PaloAlto Networks firewalls respectively.

Carnival is known to use both systems but whether these vulnerabilities were patched, or involved in the attacks, remains unknown.

What is known is that even advanced security hardware was not able to stop the intrusion of hackers and the theft of sensitive information.

In these scenarios, the onus of security comes down to the individuals within an organisation. If they are not trained in how to spot phishing emails, or have proper procedures in place to routinely patch vulnerabilities, then it is only a matter of time before these attacks are going to happen again.

Hackers have become increasingly devious over the COVID-19 pandemic as millions of workers worldwide have been forced to work from home, where cyber-security practices are more relaxed and harder to police.

User knowledge should be at the forefront of cyber security discussions, concerns and decisions, playing as important a role as technology in the all- important People, Process & Technology triangle of organisational security.

PhishingTackle.com helps organisations build their cyber awareness and we are fully aware the first steps can be the hardest to take. Knowing this, we have created a number of free tools which help you better understand the size of the gap in your human firewall.

One of our most popular tools is the Free Click-Prone® Test, which reveals how many of your users are susceptible to a modern phishing attack.

Recent posts