Starwood data exfiltrated through insecure third-party connections
Starwood Hotels and Resorts recently notified patrons of data lost to hackers who compromised Starwood systems as early as November, 2014. Lost data—and malware—are critical threats to businesses that use third-party vendors.
On November 20, Starwood informed consumers about the discovery of malware on computer systems involving Sheraton, Walt Disney World Dolphin, Westin, St. Regis, and W hotel properties. While news of any data loss can cripple business relations, this announcement came just four days after Marriott International and Starwood announced a merger involving a $12.2 billion buyout of Starwood by Marriott.
The hackers netted both debit and credit card information: security codes, expiration dates, card numbers and cardholder names were exfiltrated through insecure third-party connections, like those in restaurants and gift shops of the Starwood properties. As in the well-known Target data breach, the malware responsible was located on point-of-sale machines. Starwood does not believe its membership or guest registration files were compromised but cannot be certain.
Starwood is not the only hotel chain targeted for data intrusion. As we discussed earlier, Trump Hotels reported seven of its properties were compromised by malware for over a year. Hilton Hotels, Mandarin Oriental, and White Lodging all investigated data breach events this year.
While malware is used to siphon away proprietary, business and personal data, it is also surreptitiously used to build back doors into SaaS platforms. This form of infiltration is particularly dangerous because the compromise of an enterprise or security platform may leave users vulnerable to data theft—or covert, long-term exfiltration activity.
A recent example of a critical SaaS hack occurred at LANDESK, a well-known and popular enterprise management and security platform. On November 25, LANDESK notified users of “unusual activity” discovered on its IT systems. The hack was identified after LANDESK employees complained of a network slowdown, and a LANDESK developer requested information about LANDESK IT activity on his server.
According to security blogger Brian Krebs, the system logs at LANDESK suggest the security breach occurred in June, 2014, and that significant archiving of source code had taken place in the intervening time.
LANDESK promotes its security tools as effective against “multiple security and zero-day threats…[and] ensures your user environment is stable and secure.” In its message to users, LANDESK encourages potentially affected parties to:
The Starwood and LANDESK hacks illustrate how malware is used to gain information—and possibly create permeable thresholds between hackers and enterprise—through point-of-sale and SaaS platform contacts.
While Starwood announced outright which commercial properties were impacted by the hack against that brand, LANDESK notes, “we can’t comment on the specifics of the investigation.”
It remains unclear whether secrecy or exposure is a better business tactic for containing reputation and asset damage to businesses under cyber attack. What is clear, though, is the importance of preventing such attacks.
At SecureLink, we focus on secure products for technology providers and enterprise to improve processes, reduce costs, and maintain network coherence. High definition audit service and defined user access give you fast, accurate information about your system—and who is using it. Whether you want to ensure secure contact with your vendors—or provide secure services to your client—SecureLink is the leader in remote access solutions.