Story image

Equifax and its 143m customers just the ‘first known victims’

19 Sep 17

​The colossal breach in Equifax’s soft underbelly has made headlines around the world of late, largely because of the monumental amount of personal data involved – up to 143 million customers.

It has now been revealed the most likely route cybercriminals used to gain access to the honeypot, exploiting an Apache Struts CVE-2017-5638 vulnerability.

The stolen data may include Social Security numbers, birth dates, driver’s licenses, addresses and 209,000 credit card numbers – all of which may now be putting these people at identity theft risk for the rest of their lives.

What’s even more concerning though, is that Flexera asserts that not only was the vulnerability well-known, but a patch was available long before the attack.

Flexera says Apache Struts is a popular and widely-used open source component used by companies in commercial and in-house systems to take in and serve up data, making it a prime target for cybercriminals.

The suspected vulnerability was disclosed on March 7 and the patch was available at the same time – but this is not a novelty, as Flexera asserts the availability of patches at the time of disclosure of vulnerabilities is actually very common.

A study from Flexera found that in 2016, patches were available at the time of disclosure for a staggering 81 percent of vulnerabilities.

The real problem comes down to the simple fact that it takes users substantially longer to patch vulnerabilities than it does for hackers to start exploiting them – WannaCry anyone? Organisations continue to leave their windows wide open for hackers to climb in.

In the Equifax case, the company has identified the breach and is taking care of it. However, vice president of product management at Flexera, Jeff Luszcz says they are probably just the first known victims.

“Once a case like this hits the news, it ignites the fire in the cybercrime community and hackers start poking around for new opportunities,” says Luszcz.

“We should expect a long tail of incidents and breaches in the months – and potentially years – to come. As we still see attacks targeting Heartbleed, a vulnerability more than three years old.”

If nothing else, this massive breach serves as a vital reminder for business leaders to radically rethink their vision of cybersecurity as the incidents we see increasingly reveal the neglection of basic security best practices – making the job easy for hackers and hard for security professionals.

Senior director of Secunia Research at Flexera, Kasper Lindgaard says patching this type of vulnerability is certainly not as simple as patching a desktop application, but it’s certainly something business leaders need to address sooner rather than later.

“When it comes to vulnerabilities affecting the software supply chain, it’s important to align software design and engineering, operational and security requirements. This isn’t an easy task,” says Lindgaard.

“However, the time frames of initial disclosure of the vulnerability and its patch on March 7 – up to two months before the first reported unauthorized access at Equifax, and the further delay of the actual detection of the breach on July 29 – currently indicates that the vulnerability was not handled with the priority that it should have.”

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t.