How a simple hack can put a business at risk...
Long story short: Marriott was hacked in 2016
- 383 M of customer PII leaked
- 18,5 passports encrypted
- 5,25 clear-text passports
- 9,1 M credit card numbers encrypted
- 385.000 valid cards
How they detected it:
- Unusual request against the database made by a user account
- Detected by IBM Guardium
But it was too late!
What the forensics revealed:
- They discovered a Trojan on a computer
- This enabled the hackers to control it remotely through command and control
- They discovered Mimikatz on the computer, which was probably used to obtain credentials and privileges
- The hackers had been in since 2014!!!!
- 2 compressed archive files, probably containing all the leaked data, were found and deleted
Think of the impact: on the business, on the trust of customers. What would the fine have been in the GDPR context? With a turnover of 3.5 billion and a profit of 226 million for 2016? 2%? 700 M. That is 3 years of full profits.
How would Varonis have helped?
All the security layers failed. That is a fact, since the hackers had been in for 2 years, compromised an identity, and carried out lateral movement, privilege escalation and data exfiltration. All this with very simple techniques, using traditional tooling like Mimikatz, which is publicly available.
With Varonis DatAdvantage for Directory Service, DatAdvantage for Windows, Data Classification, GDPR, DatAlert Suite and Edge, we would have detected this in the early stages and avoided a massive leak.
All our TM and contextual information (permissions, audit logs on data, DNS, proxy and AD, classification, ...) and automatic incident response would have detected and avoided this:
- Intrusion
- Privilege escalation
- Lateral movement
- Reconnaissance
- Data exfiltration
Do you want us to demo this attack and show you our detection capabilities?
Guillaume Garbey, CISSP