2017 has seen more than a few major cyber attacks. From Equifax to Uber to WannaCry, millions of records have been breached. Here we explore the largest known data security breach, where it went off the rails, and what we can learn from it.
This summary is from an article posted by Calyptix.
Equifax Data Breach – 145.5 Million Accounts
Credit reporting agency Equifax aggregates financial data on more than 800 million consumers and 88 million businesses worldwide.
On July 29, 2017, the company detected and blocked suspicious network activity associated with a web portal used by U.S. consumers to file disputes.
Later analysis revealed the portal’s application framework, Apache Struts, was outdated and had a severe security vulnerability.
Equifax hired cybersecurity firm Mandiant to conduct a forensic analysis, which revealed a massive data security breach affecting 143 million U.S. consumers.
Further investigation later increased the number to 145.5 million – or about 45% of the U.S. population.
Severe Vulnerability Overlooked
Equifax was first alerted to the Apache Struts vulnerability (CVE-2017-5638) on March 8, 2017, more than two months before the breach started, according to testimony to a U.S. House subcommittee by former Equifax CEO Richard Smith.
Equifax failed to act on the alert and apply the available patch. Seven days later, the company also performed vulnerability scans that failed to identify the flaw, said Smith.
Hackers launched the attack exploiting the vulnerability about two months later, on May 13, 2017.
By the time the breach was discovered in late July, hackers had accessed dozens of databases and created more than 30 backdoors into Equifax’s systems.
Security Takeaways
Know your systems – Equifax failed to realize that an alert for a critical vulnerability applied to one of its web portals. A flaw that should have been patched within 48 hours went unpatched for months.
Scans aren’t enough – Equifax’s vulnerability scans, performed seven days after the Apache Struts flaw was public knowledge, did not identify the weakness in its web portal. This is why it’s important to perform multiple scans with different tools, and never rely on a tool to “handle” your security.
We encourage you to read summaries of the other major breaches on the original blog post here.
While there is no one solution to preventing a breach, there are many best practices that can greatly reduce the likelihood that you’ll become a victim, like a robust Disaster Recovery plan. We are experts in DRP and can help you build a communications network that is ready in the event of an attack or natural disaster. Contact us today to learn more.