Equifax 2017 Data Breach


Published on February 04, 2019


Hey Everyone,

I hope y’all have had a great start to 2019! In this blog post I’m going to discuss an article about the 2017 Equifax Data Breach that illustrates how important basic security measures are. The article is titled “Equifax breach was ‘entirely preventable’ had it used basic security measures, says House report” by Zack Whittaker, and I have provided a link to it at the bottom of this post.

This article states that Equifax “failed to patch a disclosed vulnerability in Apache Struts”, and patching is one of the first and most basic tasks for security and IT operations teams to complete. Patching servers and applications should be the foundation of any cybersecurity policy, as it helps remediate known vulnerabilities and mitigate the threats that target them.

The article also states that the attackers used a web shell to retain access for more than two months! This should not be able to happen with the detection methods that are now available to companies at a reasonable price, including homemade custom scripts and jobs that employees create to alert on behavior signatures.

The article also mentions that the device used to monitor network traffic was inactive for months due to an expired certificate! Again, there is no reason for this to occur with the proper procedures in place. There should be monitoring around the different components of a PKI, including the expiration dates of server and application certificates.

The article goes on to detail the many shortcomings of Equifax’s environment, with too much to cover in this post. Please feel free to read the article and discover how following the basic recommendations of a cybersecurity plan could have prevented the exposure of millions of consumers’ personally identifiable information. Contact me if you would like to have further discussions about this breach :)
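To make the certificate-expiration monitoring mentioned above concrete, here is a small scheduled check, added as an illustration and not taken from the article or the House report. The host names, roles, dates and the 30-day warning window are constructed assumptions; the date strings use the format printed by `openssl x509 -noout -enddate`.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory: (name, role, line as printed by `openssl x509 -noout -enddate`)
INVENTORY = [
    ("www.example.internal", "web", "notAfter=Mar 15 12:00:00 2019 GMT"),
    ("inspect01.example.internal", "traffic-inspection", "notAfter=Jan  5 09:30:00 2019 GMT"),
    ("api.example.internal", "web", "notAfter=Feb 20 00:00:00 2019 GMT"),
    ("broken.example.internal", "web", "notAfter=not a date"),
]
WARN_DAYS = 30  # assumed alerting window; tune it to your renewal lead time


def days_left(enddate_line, now):
    """Return whole days until expiry (negative once the certificate has expired)."""
    value = enddate_line.split("=", 1)[-1].strip()
    expires = ssl.cert_time_to_seconds(value)  # raises ValueError on an unparsable date
    return int((expires - now.timestamp()) // 86400)


def classify(inventory, now, warn_days=WARN_DAYS):
    """Return (status, days, name, role) tuples sorted most urgent first."""
    findings = []
    for name, role, line in inventory:
        try:
            d = days_left(line, now)
        except ValueError:
            # An unreadable expiry date is a finding too; it must not pass silently.
            findings.append(("UNKNOWN", None, name, role))
            continue
        status = "EXPIRED" if d < 0 else "WARN" if d <= warn_days else "OK"
        findings.append((status, d, name, role))
    order = {"EXPIRED": 0, "UNKNOWN": 1, "WARN": 2, "OK": 3}
    findings.sort(key=lambda f: (order[f[0]], f[1] if f[1] is not None else 0))
    return findings


def main(now=None):
    now = now or datetime.now(timezone.utc)
    findings = classify(INVENTORY, now)
    for status, d, name, role in findings:
        print(f"{status:8} {name:30} role={role:20} days_left={d}")
    # A non-zero exit code lets cron or a monitoring agent raise the alert.
    return 1 if any(f[0] != "OK" for f in findings) else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run from a daily job, this surfaces a lapsed certificate on a traffic-inspection device on the first day it expires instead of months later.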

If you are reading this blog and you are unsure whether you have all of your bases covered in the event of a cyber attack in your environment, then I recommend using the NIST cybersecurity framework as a baseline for determining the gaps in your current policies, procedures, and infrastructure (NIST).

This is the article that covers the 2017 Equifax Data Breach: click here

Don’t get stung,

-Security Sting