Agoda’s Insider Look at Cybersecurity Battles

Agoda Engineering
Agoda Engineering & Design
3 min read · Jun 30, 2023

As a major player in the industry, Agoda deals with a wide range of cyberattacks, both from global sources and those specifically targeting the travel sector. With the travel industry bouncing back post-COVID-19, hackers have taken notice, resulting in a significant surge of attacks, surpassing the number observed during the lockdown period.

This week, Agoda hosted an exciting security tech talk titled “Decoding Cyberattacks: Exploring the Hacker’s Perspective.” Our speakers, Guy Fridman, Director of Security Operations and Response, and Ankit Anubhav, Staff Malware Researcher from Agoda IT Security, provided deep insights into the world of cyberattacks and how Agoda effectively tackles these threats. This blog post summarizes the key points discussed during the talk.

Watch the full talk for insights into the challenges we face and how we decode cyberattacks from the hacker's perspective.

How Agoda Deals with Cyber Threats

To bolster our defense and detection strategies, here are a few ways we deal with threats.

  • We employ several measures to reduce attack vectors. Browser extensions are denied by default unless explicitly approved, and new software undergoes a rigorous security evaluation process. Because malware has been found on popular cloud storage and collaboration platforms, Agoda maintains a carefully curated, minimal whitelist to minimize blind spots. Role-based access ensures that individuals have access only to the tools and technologies necessary for their roles.
  • Password stealers pose a significant threat on a daily basis. To counter these attacks, Agoda has adopted a predominantly password-less approach, combined with multi-factor authentication (MFA). Additionally, we actively monitor the dark web for compromised credentials associated with our platform.
  • We adopt a proactive approach to hunting down threats. Instead of assuming “all is well,” we start by assuming an attack has bypassed our defenses and then work to prove it. We simulate and replicate attacks not yet encountered in the wild, ensuring comprehensive coverage.
  • Agoda’s products are designed to detect attacks at every stage of the attack cycle, ensuring redundancy even if one or more defense mechanisms fail. We collaborate with vendors to address detection gaps and continually educate employees who fail phishing tests or fall victim to social engineering. Regular red and purple team exercises provide fresh perspectives on our security posture.

Hackers’ Tactics You Need to Know

Hackers gravitate towards "unsolvable" tricks: abusing features that work as intended. Examples include PowerShell and macro abuse, and the use of right-to-left languages and homoglyphs. To stay ahead, hackers regularly shift strategies and deploy anti-playbook techniques.
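A defender-side check for the right-to-left and homoglyph tricks mentioned above, as an added example that is not from the talk or from Agoda's tooling. The function names, finding labels and sample names are assumptions made for illustration.

```python
import unicodedata

# Unicode bidirectional controls that can reorder how a name is displayed.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f", "\u061c",                      # LRM, RLM, ALM
}

def scripts_used(label):
    """Coarse script of each letter, taken from the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}

def real_extension(filename):
    """Text after the last dot in stored order, with bidi controls dropped for reporting."""
    cleaned = "".join(ch for ch in filename if ch not in BIDI_CONTROLS)
    return cleaned.rsplit(".", 1)[1].lower() if "." in cleaned else ""

def inspect_name(name):
    """Return triage findings for a file or host name (empty list = nothing flagged)."""
    findings = []
    bidi = sorted({f"U+{ord(ch):04X}" for ch in name if ch in BIDI_CONTROLS})
    if bidi:
        findings.append("bidi-control:" + ",".join(bidi))
    # Check each dot-separated label on its own, so a name whose labels
    # each use a single script is not flagged.
    for label in name.split("."):
        scripts = scripts_used(label)
        if len(scripts) > 1:
            findings.append("mixed-script:" + "+".join(sorted(scripts)))
    return findings

# Constructed samples, not taken from the talk or from any real incident.
SAMPLES = [
    "report_2023.pdf",
    "invoice\u202efdp.exe",        # renders as "invoiceexe.pdf" in bidi-aware UIs
    "s\u0435cure-login.example",   # U+0435 is Cyrillic, looks like Latin "e"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), real_extension(sample), inspect_name(sample))
```

Mixed-script findings are a triage signal rather than a verdict: legitimate names in some languages combine scripts, so these hits are best paired with context such as sender, source and file type.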

Collaboration among hackers is common, with well-known programs such as Cobalt Strike and Redline being customized. Social engineering plays a crucial role, with hackers stealing and copying each other’s tactics. It’s essential for defenders to focus on what doesn’t change versus what changes.

Conclusion

While attackers deploy various advanced tricks to evade detection, social engineering stands out as the ultimate trick and the entry point of most attacks, ranging from password stealers to ransomware. Tracking our enemies and keeping a special focus on targeted attacks is important, as targeted attacks often get lost in a high volume of attacks. Not all campaigns pose equal risk, and the attack volume alone can be misleading.

Agoda profiles threat actors, calculating risk scores based on volume, complexity, bypass probability, impact, and social engineering realism. Hacker profiles are regularly updated to align with the evolving threat landscape, enabling threat hunting, infrastructure takedown, and intelligence sharing within and beyond the organization.

Acknowledgments

Special thanks to Ankit Anubhav and Guy Fridman for sharing their insights and contributions during the tech talk.
