{"id":348,"date":"2017-02-08T01:10:55","date_gmt":"2017-02-08T01:10:55","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=348"},"modified":"2017-02-08T01:10:55","modified_gmt":"2017-02-08T01:10:55","slug":"jtb-breach-leaks-7-93-million-customer-related-records","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/jtb-breach-leaks-7-93-million-customer-related-records\/","title":{"rendered":"JTB Breach Leaks 7.93 Million Customer Related Records"},"content":{"rendered":"

Executive Summary<\/h4>\n

JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an attack targeting its servers. Initial reports indicate that 7.93 million people using JTB to book trips may have had their personal booking data exposed. The leaked data contained sensitive personal information to include customers’ names, addresses, and email accounts. Additionally, the local media outlet Japan Times<\/em>, stated that passport information was also leaked in the attack disclosing more than 4,300 valid passport numbers.<\/p>\n

The official announcement revealed that the source of the attack was a targeted email phishing campaign which consisted of an JTB employee opening an email attachment that included a particularly stealthy trojan known as PlugX that was then executed and spread throughout the network to infiltrate the company’s database system.<\/p>\n

This attack vector was a standard phishing campaign were the attacker sends an email to the target with an attachment that includes a trojan or strain of malware from a particular malware family. The victim is then tricked into opening the attachment and thus executes and deploys the trojan infecting the host computer and potentially the entire network infrastructure. The following diagram identifies the standard campaign process:<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

What Is PlugX?<\/h4>\n

PlugX is a multi-function remote access trojan (RAT) that can trace back to at least 2012 and is often bundled with many legitimate applications. Moreover, PlugX can permit for the following nefarious functions: keystroke logging, screen capture, web operation, port listening, disk information acquisition, and database information theft.<\/p>\n

\u00a0PlugX Deployment Analysis<\/h4>\n

The sample can be started as a service named Quest Software Service or as an automatic startup item after being configured in the registry. In the sample, the HTTP, TCP, UDP, and ICMP protocols are used for data transmission. The HTTP and UDP protocols are first used for sending data to the specified IP address. When the connection fails, the UDP protocol is used instead. The sent data includes cipher-text information and plain-text information.<\/p>\n

Additionally, the PlugX permits for acquiring information such as computer name, user name, CPU information, user token, memory information, operating system, and system time. Such information is compressed and sent in encrypted manner. After the connection is successfully established, the data is received in compressed format (decrypted by using a decompression function), and then returned as commands to implement functions (information returned by the commands varies with directives). The analysis is as follows.<\/p>\n

Started as a service:<\/h4>\n

\"\"<\/a><\/p>\n

Configured as an automatic startup item:<\/h4>\n

\"\"<\/a><\/p>\n

Use of different communication protocols:<\/h4>\n

\"\"<\/a><\/p>\n

Configuring a keyboard hook:<\/h4>\n

\"\"<\/a><\/p>\n

Network IP address and domain information:<\/h4>\n

\"\"<\/a><\/p>\n

Creating a service:<\/h4>\n

\"\"<\/a><\/p>\n

Checking whether administrative privileges are available:<\/h4>\n

\"\"<\/a><\/p>\n

Obtaining the keyboard type:<\/h4>\n

\"\"<\/a><\/p>\n

Detection result by NSFOCUS TAC (Threat Analysis Center):<\/h4>\n

\"\"<\/a><\/p>\n

NSFOCUS Solution for Removing Trojans<\/h4>\n
    \n
  1. Short-term service: NSFOCUS engineers provide the onsite trojan backdoor removal service (manual services, NIPS, and TAC). This service can immediately eliminate the risk points within the network, control the impact, and provide an analysis report.<\/li>\n
  2. Mid-term service: NSFOCUS provides risk monitoring and preventive maintenance inspection (PMI) services for 3\u20136 months (NIPS, TAC, and manual services). This service can eradicate risks and ensure that the event does not recur.<\/li>\n
  3. Long-term service: NSFOCUS provides risk solutions for the fund industry (threat intelligence, attack tracing, and professional security services).<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

    Executive Summary JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an attack targeting its servers. Initial reports indicate that 7.93 million people using JTB to book trips may have had their personal booking data exposed. The leaked data contained sensitive […]<\/p>\n","protected":false},"author":1,"featured_media":7809,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[7,15],"tags":[],"class_list":["post-348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-events","category-research-reports"],"acf":[],"yoast_head":"\nJTB Breach Leaks 7.93 Million Customer Related Records - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"JTB Breach Leaks 7.93 Million Customer Related Records - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Executive Summary JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2017-02-08T01:10:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/JTB1.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"JTB Breach Leaks 7.93 Million Customer Related Records - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Executive Summary JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/JTB1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"JTB Breach Leaks 7.93 Million Customer Related Records\",\"datePublished\":\"2017-02-08T01:10:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/\"},\"wordCount\":547,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/JTB1.jpg\",\"articleSection\":[\"Global Events\",\"Research & Reports\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/\",\"name\":\"JTB Breach Leaks 7.93 Million Customer Related Records - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/JTB1.jpg\",\"datePublished\":\"2017-02-08T01:10:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/JTB1.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/JTB1.jpg\",\"width\":1800,\"height\":1100,\"caption\":\"JTB logo over scenic mountain landscape.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jtb-breach-leaks-7-93-million-customer-related-records\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"JTB Breach Leaks 7.93 Million Customer Related Records\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"JTB Breach Leaks 7.93 Million Customer Related Records - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"JTB Breach Leaks 7.93 Million Customer Related Records - NSFOCUS","og_description":"Executive Summary JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an","og_url":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/","og_site_name":"NSFOCUS","article_published_time":"2017-02-08T01:10:55+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/JTB1.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"JTB Breach Leaks 7.93 Million Customer Related Records - NSFOCUS","twitter_description":"Executive Summary JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/JTB1.jpg","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"3 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"JTB Breach Leaks 7.93 Million Customer Related Records","datePublished":"2017-02-08T01:10:55+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/"},"wordCount":547,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/JTB1.jpg","articleSection":["Global Events","Research & Reports"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/","url":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/","name":"JTB Breach Leaks 7.93 Million Customer Related Records - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/JTB1.jpg","datePublished":"2017-02-08T01:10:55+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/JTB1.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/JTB1.jpg","width":1800,"height":1100,"caption":"JTB logo over scenic mountain landscape."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/jtb-breach-leaks-7-93-million-customer-related-records\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"JTB Breach Leaks 7.93 Million Customer Related Records"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=348"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/348\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/7809"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}