What Marriott International's breach teaches us about social engineering


Yesterday, one of the world's largest hotel chains, Marriott International, confirmed it suffered its second data breach of 2022. Databreaches.net broke the news after receiving an anonymous tip.

During the breach, which took place in early June, a malicious actor gained access to an employee's computer and obtained around 20 GB of data, including credit card details, personal information, and confidential information about guests and employees, such as flight reservation logs.

The attackers, dubbed the Group With No Name (GNN), appear to have orchestrated a social engineering attack targeting employees working at the BWI Airport Marriott in Maryland (BWIA), and managed to trick one of them into granting access to their computer.

Although the data breach only affected 400 people, it highlights valuable lessons for CISOs and security managers, especially regarding the threat posed by social engineering and the havoc that poor security awareness can wreak on an organization.


Marriott's latest breach highlights that human error is one of the greatest security risks to an organization. All it took to exfiltrate data from the organization was for the threat actor to manipulate an employee into giving them access to their device.

In cybersecurity, manipulation is one of an attacker's most effective weapons. Unlike exploits or brute force attacks, which target endpoints or computer systems that can be patched or mitigated consistently, social engineering targets human beings, who are not perfect and can easily make the mistake of handing over login credentials or exploitable information.

"Social engineering is one of the main mechanisms used by adversaries. It's simple and effective. And it means that the initial compromise depends on human behaviors and therefore cannot be prevented 100% of the time," said Saryu Nayyar, CEO and founder of security operations and analytics provider Gurucul. "It only takes a successful compromise to bypass most preventive controls."

Social engineering scams are a type of manipulation attempt where an attacker aims to trick an employee into sharing confidential information, infecting their device with malware, or handing over their login credentials.

An example of this is a phishing scam, where an attacker sends an email trying to trick a user into clicking on a malicious attachment or visiting a phishing site.

The high effectiveness of these grassroots manipulation attempts is a key reason why the number of social engineering attacks reached 25% of total breaches in 2022, and why the human element (social engineering, errors and abuse) acc...
