
Marriott Hack: RDP, Telnet/SSH Exposed on Open Internet

This past Friday, hospitality juggernaut Marriott announced its Starwood guest reservation database had been compromised in one of the biggest data breaches ever recorded. Here is a summary of the damage:

  • Hackers have been accessing the Starwood network since 2014

  • Personal data of as many as 500 million customers has been stolen, including payment card information, addresses, and passport numbers

  • Payment card information had been encrypted with AES-128, but the attackers are potentially in possession of the encryption keys as well

  • It is undetermined whether the breach was for-profit or if the attackers were state actors collecting information for intelligence purposes

  • Marriott now faces multiple class action lawsuits, regulatory fines, and legal investigations

However, here’s a little tidbit of information that has flown under the radar in many reports of the incident...

In a reply to @briankrebs, cybersecurity influencer Kevin Beaumont (@GossiTheDog) revealed Marriott maintained external-facing RDP — even after they had become aware of the gargantuan data breach:

This oversight is a known attack vector commonly exploited by malicious actors. When an organization allows access to RDP ports beyond their firewall, attackers jump on the opportunity to break through RDP’s minimal defenses via brute force, dictionary, and exploit attacks. RDP is not a secure remote access solution and is clearly insufficient for external use as it lacks many of the necessary features to prevent and protect against unauthorized access.




To make matters worse, @j_opdenakker points out another glaring security risk:

Security experts have been sounding the alarm over open RDP and Telnet ports for years. Microsoft's Remote Desktop Protocol (RDP) and the even older Telnet protocol are well-known threat vectors. These technologies provide easy access to remote devices, but lack critical security measures to ensure remote users have been properly authenticated and authorized. Logging features are also notoriously absent, making after-action reporting and analysis difficult.

This recent breach of Marriott's systems may not be related to open RDP and Telnet ports in their networks, but those open ports paint the picture of an organization with a laissez-faire approach to network security that at best will cost Marriott tens of millions of dollars and may prove to be criminally negligent.

No single solution or one-time action will protect an organization from cyber threats and bad actors. Eliminating threat vectors by closing ports targeted by cyber-criminals is just a start. If you are interested in learning more about protecting your network, take a look at our new workbook "Securing Remote Access: Basic & Advanced Strategies," and subscribe to this blog.
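As a starting point for closing those ports, the sketch below audits an inbound firewall rule set for RDP, Telnet and SSH reachable from outside the internal network, including cases where the port is hidden inside a wider range. It is an added example, not code from this blog or any product; the rule schema, sample rules and the list of internal networks are constructed assumptions, and rule ordering is not modelled.

```python
import ipaddress

# Services named in the article, keyed by their IANA default TCP ports.
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP"}
# Assumption: these RFC 1918 ranges are the only networks treated as internal.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules in a hypothetical schema (not a vendor export format).
SAMPLE_RULES = [
    {"name": "web", "action": "allow", "source": "0.0.0.0/0", "proto": "tcp", "ports": "443"},
    {"name": "legacy-admin", "action": "allow", "source": "0.0.0.0/0", "proto": "tcp", "ports": "20-25"},
    {"name": "rdp-any", "action": "allow", "source": "::/0", "proto": "tcp", "ports": "3389"},
    {"name": "rdp-vpn", "action": "allow", "source": "10.8.0.0/16", "proto": "tcp", "ports": "3389"},
    {"name": "ssh-partner", "action": "allow", "source": "203.0.113.0/24", "proto": "tcp", "ports": "22"},
    {"name": "deny-telnet", "action": "deny", "source": "0.0.0.0/0", "proto": "tcp", "ports": "23"},
]

def source_scope(cidr):
    """Classify a source as 'internal', 'any' (whole Internet) or 'public-range'."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "any"
    if any(net.version == i.version and net.subnet_of(i) for i in INTERNAL_NETS):
        return "internal"
    return "public-range"

def exposed_services(rule):
    """List the remote-access services covered by a rule's port or port range."""
    lo, _, hi = rule["ports"].partition("-")
    lo, hi = int(lo), int(hi or lo)
    return [name for port, name in sorted(REMOTE_ACCESS_PORTS.items()) if lo <= port <= hi]

def audit(rules):
    """Return (rule name, source scope, services) for each externally reachable rule."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"] not in ("tcp", "any"):
            continue
        scope = source_scope(rule["source"])
        services = exposed_services(rule)
        if scope != "internal" and services:
            findings.append((rule["name"], scope, services))
    return findings

if __name__ == "__main__":
    for name, scope, services in audit(SAMPLE_RULES):
        print(f"{name}: {', '.join(services)} reachable from {scope} source")
```

Rules flagged as `any` are the ones to close or move behind a VPN or gateway first; `public-range` findings still deserve a check that the allowed range is one you actually control or trust.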

