The Orbitz Attack & the Visibility Achilles Heel

You’ve Been Breached – Welcome to the Club

“Your account information may have been compromised.” Expedia subsidiary Orbitz welcomed 880,000 users who made online purchases as potential new members to the ‘I’ve been hacked’ club this week. It’s another headline that didn’t surprise anyone in the security industry, but which is surely causing executive management to sweat under their collars and Orbitz users to scramble to check accounts, change passwords, change credit cards and maybe even jump ship.

And while ransomware might make for a more dramatic story by bringing critical organizations to a standstill (i.e. hospitals), we think this is pretty dramatic too. The personal data of thousands of unsuspecting consumers sold in bulk on the dark web and downloaded at a shady internet cafe in Nigeria, or a college computer lab in Russia, certainly makes for a good story…

If a Tree Falls in a Forest and No One Is There to Hear It, Does It Make a Sound?

But what’s most dramatic, is that these breaches, which the company said took place on one of its legacy platforms between January 1 to June 22, 2016, and October 1, 2016 to December 22, 2017 – were only discovered on March 1, 2018, when Orbitz security researchers were investigating another issue.

And parent company Expedia itself is no stranger to hacks, having previously fallen victim to a rogue insider, a former IT staffer who used his access to target devices and data in the accounts of certain senior management members – including the CFO – for the years spanning 2013-2016. He continued accessing the accounts even after he had left the company, and used the confidential information he gained to profit by making knowledgeable trades of stock options.

Visibility is the Name of the Game

Orbitz, Expedia and other hacks before them should be used as lessons in best security practices – and number one on the list of core best practices is visibility. If you have a blind spot in the system, you may as well be playing blind-man’s buff – and your security solution will be hit-or-miss – with the missing of something substantial becoming a matter of time. Suspicious activity on the endpoint, traffic on the network, or behavior on the part of a user, should all throw up immediate red flags.

Pin-Point Visibility and the Full Picture

Of course, true visibility also comes down to getting the full picture of an attack-operation over time: when and where did the breach occur, what data has the hacker accessed, which user accounts have been compromised, etc… Getting this information is even more challenging when relying on multiple security solutions not necessarily ‘speaking the same language.’ A solution covering the four core areas of Endpoint Detection & Response, Network Analytics, User & Entity Behavior Analytics, and Deception gives security IT teams a clear view of the information they need to make the right decisions for their organizations.

Proactive, Rapid Response and Automated Remediation

Forensic investigations need to be quick and breach response even more rapid. A proactive (as opposed to reactive) security solution offering automated rules-based response gives teams control over when and how to react. Automated remediation capabilities mean that security professionals can focus their attentions on whatever needs to be done, without stopping for every alert that comes in.

Cyber Hygiene

With all the attacks in the news, it’s easy to assume that being hacked is a part of doing business. But the organization that follows smart cyber hygiene can avoid most of these situations – and stop breaches that do get through before damage is done. Assume that the vendors and associated platforms your organization works with are less than secure. Keep your systems up-to-date with the latest patches and a robust, full-visibility security solution.  And keep your organization out of the cyber breach headlines.

Recent Posts