Following various reports back in September that Singapore-based hotel management platform RedDoorz had suffered a data breach, a threat actor is now said to be selling a database from the company containing 5.8 million user records on a hacker forum. Security on Screen’s panel of cybersecurity experts explain what the hotel platform’s security teams and users should be doing to ensure personal details are not further exposed.
“In today’s security landscape, organisations and their security teams are outgunned by the attackers in terms of resources and skills,” says Dan Panesar, Director UK and Ireland at Securonix. “The RedDoorz data breach is particularly nasty as the hackers have gained access and stolen the ‘holy grail’ of information including personal details, email address, passwords and phone numbers – all the essentials to targeted identity fraud on its customers. Furthermore, if customers have used their work address, for example, to register with the site, again this poses threats to any organisation from a targeted spear phishing attack to plant malware in an attempt to gain unauthorised access to the employer’s network.”
Initially, users of the RedDoorz platform are advised to take control of their own safety. “While it’s believed that the data sample did not include any financial data, there is other data that can still be used against individuals,” notes Boris Cipot, Senior Security Engineer at Synopsys. “Email addresses, for instance, can be used in phishing campaigns, where individuals may be lured to give away further personal data. Exposed passwords could also pose a threat if they are reused on other services. As such, do not let your guard down. Do not open email attachments or click on links in emails without thinking twice.”
If users are overwhelmed with the number of services and passwords, a password manager is highly recommended. “These password managers not only help users keep track of their passwords, but they can also be used to generate strong and secure passwords,” adds Chris Hauk, Consumer Privacy Champion at Pixel Privacy. “A strong, unique password is a user’s best weapon against being hit with identity theft or similar online threats caused by data breaches like these.”
In addition, Hauk suggests: “Users should be aware that phishing attacks may be directed against many RedDoorz users as a result of the email addresses leak. They should also keep a close eye on their credit and bank accounts, as well as keep a watch out for any unauthorised accounts being opened in their name.”
The risk of ransomware
The attack on RedDoorz’ systems further confirms the direction that ransomware gangs have taken recently. “Ransomware authors have increasingly gone after the double extortion attacks for the simple reason that this further encourages their victims to pay,” explains Chad Anderson, Senior Security Researcher at DomainTools. “When sitting on a treasure trove of sensitive customer information, attackers know that the looming threat of privacy laws like GDPR could be more of a financial hit to a firm than simply paying the ransom requested.
“Couple that with the lack of consumer trust from such a breach and you have a rather strong incentive for victims to pay millions to keep their businesses afloat,” he continues. “This all comes of course with an increasing number of businesses paying, further incentivising attackers to use this extra leverage.”
“At this point, every organisation should have a game plan for a successful ransomware attack,” notes Paul Edon, Senior Director of Technical Sales and Services (EMEA), at Tripwire. “As with most cyberattacks, prevention is better than response. Ransomware doesn’t usually succeed because the attacker is highly skilled, but because the defences aren’t in place.
“Take the time to review how hardened your systems are, how trained your staff is, and what your vulnerability profile looks like. If you can’t answer those questions, then build a plan that enables you to get answers.”
Securing a solution
It appears that for a breach like the RedDoorz case, security teams need to spend less time managing the systems and more time addressing the threats. “One clear way to face threats like this is using behavioural analytics to spot abnormal behaviour before it causes real problems,” suggests Panesar.
“Secondly, using automation to allow the security team to focus only on the severe or real threats can further strengthen security posture. These can both help reduce the burden on security teams, bring better visibility and allow them to respond and react faster to attacks.”