News
Comment: Carnival hit by ransomware
August 2020 by Joseph Carson, chief security scientist at Thycotic
Following the news that cruise operator Carnival Corp have launched an investigation into a ransomware attack on one of its brand’s information technology systems, which included unauthorized access to personal data of guests and employees, the comment from Joseph Carson, Chief Security Scientist at Thycotic:
Imagine your worst nightmare, a global pandemic that shuts down majority of your business services and then cybercriminals gain unauthorized access to your valuable customer data and records then lock them using malicious ransomware well in today’s world. These nightmares do come to reality and the latest victim appears to be one of Carnival Corporations brands. Ransomware in the past year continues to be most organizations’ worst form of cyberattacks and they have even increased the attack to extortion, stealing the data that they also encrypt. This makes it more problematic even if the company has a solid business resilience plan, such as backups and secondary systems to restore operations, the cybercriminals then threaten to release the stolen data to the public internet exposing companies to potential regulatory fines if they failed to take appropriate security controls to protect the data in the first place.
Employees working remotely also increases the cybercriminals success at abusing unsuspecting victims of credential and password theft, which the cybercriminals can then use to gain unauthorized access to the companies networks. Privileged Access has increased in priority even more so with remote employees and 3rd party suppliers so it is important that companies can lock down access to corporate systems, reducing the risk of becoming the next victims. Don’t let your worst nightmare come true, at least put security controls that you can do today to prevent cybercriminals getting unauthorized access.
