The Week in Breach December 6 2018

This week we report on Marriott’s massive breach, the indictment of those responsible for many SamSam attacks across the U.S., and hackers switching targets.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Finance and Insurance (13%)
Top Employee Count: 11-50 employees (45%)

Global Breach – Marriott

Exploit: Supply chain breach.
Marriott: The largest hotel chain in the world, “30 hotel brands now fall under the Marriott umbrella to create the largest hotel chain in the world with more than 5,800 properties and 1.1 million rooms in more than 110 countries. That’s more than 1 out of every 15 hotel rooms around the globe.”

correct severe gauge Risk to Small Business: 1.444 = Extreme: Considering how damaging this breach will be to Marriott, the largest hotel chain in the world, it is safe to say that the ramifications of a breach as severe as this one has the potential to cripple a small business. One of the most damaging parts of this breach is that there has been unauthorized access to the Starwood network since 2014, meaning a bad actor, or group of bad actors, has been siphoning off data for years without being detected.
correct moderate gauge Individual Risk: 2.285 = Severe: Those affected by this breach are at an increased risk of phishing attacks. Identity theft is also a very real possibility due to the amount of information accessed, including passport numbers. The passport numbers alone could fetch a good price on the Dark Web.

Customers Impacted: Approximately 500 million.
How it Could Affect Your Business: The length of time information was being accessed is one of the most damaging parts of this breach, as well as the massive scope. The largest hotel chain in the world has been compromised since 2016 (although Starwood, the compromised subsidiary has been compromised since 2014, Marriott purchased the brand in 2016). Those who were affected by the breach are likely to avoid the chain in the future and those who are not will certainly be more hesitant.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.
Learn more:

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United Kingdom – Just Urban

Exploit: Exposed database.
Just Urban: A London-based startup, used for booking massages.

correct severe gauge Risk to Small Business: 2 = Severe: The damage dealt by this breach to a small or new business could stunt the growth of the company and even cause a loss of clients. Some of the data exposed included complaints about clients. While it is important for the employees of a massage company, especially one that goes to a person’s home, to share if a certain client is inappropriate – most organizations could face severe backlash from their customer base if complaints about them surfaced.
correct moderate gauge Individual Risk: 2.714 = Moderate: In some cases, the individuals affected by this breach had complaints about them recorded by the massage therapist. These complaints can be embarrassing, but often times the complaints were in reference to the client’s actions towards the massage therapist. Some of the complaints included: requesting “sexual services from therapist”, with some clients even being marked as dangerous. These complaints were tied to the client’s full name, phone number, postcode and address.

Customers Impacted: 309,000.
How it Could Affect Your Business:  In any organization, the exposure of complaints against customers is highly embarrassing in addition to being bad for business. The reasons why the complaints exist make sense in the context of the organizations operations but is still a damaging blow to the standing of the company with its clients. Most organizations would not have the justification for keeping such complaints on file, and NO organization can justify leaving a database exposed with sensitive business and client information. It could take years for an organization that experiences a breach such as this to recover and regain trust.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

In Other News:

IranIran SamSam Goes ByeBye
Two Iranian men living in New Jersey were indicted for using the infamous SamSam ransomware to collect over $6million USD (7,981,320.00 CAD, 8,205,990.00 AUD, 5,278,320.00 EUR) and causing over $30 million USD ($39,906,600.00 CAD, $41,029,950.00 AUD, 26,391,600.00 EUR) in damages. SamSam is well known for its targeting of infrastructure, including hospitals. Here is a list of some of the targets during their spree:

City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP

The Evolution of a Phish
A new report has shed light on the fact that not only are email-based attacks on the rise, but they are spreading at an alarming rate. Cyber criminals have been shuffling their decks of targets, as 99% of the most heavily targeted email addresses this quarter are different than those targeted in Q3. The phishing emails now are more likely to show up in the inbox of your marketing, public relations, and human resources departments. The reasoning behind this shift is that these teams have access to information about earnings and employee records. It is important to stay agile in cybersecurity, as cyber criminals are always adapting to find new ways to compromise credentials and hack into organizations.

About Vic Levinson
Telecommunications and IT professional with over 27 years experience in Business Technology Solutions. Specializing in managed technologies solutions : hosted VoIP, cyber security, help desk, remote monitoring and maintenance, cloud work space and - the works. Founded Prime Telecommunications in 1993 and providing business communications solutions. Cloud Applications- everything from hosted network security, hosted Disaster Recovery, hosted printer management, data centers and colocation solutions for businesses.

Comments are closed.

%d bloggers like this: