Carnival Cruise Lines’ Long-Running Breach Problem

18 August 2020

Carnival Corporation is in the news again with another data breach. This time, the company disclosed in a recent 8-K filing that its network was compromised on August 15th by an unnamed ransomware, which “encrypted a portion of one brand’s information technology systems” and involved “the download of certain of our data files.”

This is the second public disclosure Carnival has made this year. In March, it also disclosed a data breach, lasting from April 11 to July 23, 2019, in which attackers gained access to employee email accounts containing sensitive information.

However, these are not the only network compromises that Carnival has recently experienced. Prevailion’s Apex platform, which monitors malware C2 activity, has been following a long-running compromise within the company’s network, which began as far back as February 2, 2020, and was active even while Carnival was disclosing the 2019 breach, which had supposedly been remediated.

This activity continued for four months, during which time Prevailion made several attempts to warn Carnival’s network security team about the compromise activity. Altogether, Prevailion detected two types of well-known malware in Carnival’s network environment. The primary malware was a Trojan that was highly active between April 11 and June 6, with Apex showing thousands of beacons during that time.

Overall, the malware beaconed 46,000 times. This compromise activity went quiet on June 7, either because of remediation efforts by Carnival or because the malware has shifted into a dormant state.

For those who would like to better understand this compromise activity, we encourage them to view the collected data in the Apex platform. You can also read Dark Reading’s report on the compromise activity.

Prevailion continues to monitor the situation.

