It's time for more disclosure
>> the intruders likely had a three-month head start on the defenders
I feel reasonably sure that American Airlines and Envoy take computer security pretty seriously. They likely have intrusion detection systems, anti-virus with 'heuristics' as appropriate, traffic analysis, auditing, and so on. If those systems cannot detect this sort of thing then it's time to name and shame them, because they are clearly not up to the job. It hardly matters if it is a zero-day exploit if it is not noticed for three months.
This isn't being nasty towards AA. It seems from reports that 'dozens' of organisations were hit. So that probably means none of the systems works reliably against a crim who knows what he is doing. We see it with F5 - a security company isn't secure.