The US credit bureau Equifax took a serious reputational hit last week after suffering one of the largest user data leaks in recent years. The company, which until recently claimed that customers using its services “will feel more secure,” allowed the theft of personal information belonging to 143 million US citizens. Against a total population of 324 million people, the scale of the incident is enormous. Data of customers resident in Canada and the United Kingdom was also stolen.
The company discovered the data theft back in July, but issued a statement about the incident only this week. An internal investigation showed that the cybercriminals had gained unauthorized access to user data in mid-May. They obtained critical information about users, including names, dates of birth, places of residence and Social Security numbers.
In addition, Equifax confirmed more than 200,000 cases in which customer payment card data was leaked.
The company confirmed that the attackers were able to compromise its web application by exploiting a vulnerability in it, gaining access to client databases. Which vulnerability was exploited during the attack is not specified, but a technical report by William Baird & Co. suggests that it could be a vulnerability in Apache Struts.
The Quartz news site reports that the attack exploited CVE-2017-0985, which had been known for more than 8 years.
In response, the developer, the Apache Software Foundation, stated on its official blog that it has not yet been established which vulnerability was exploited in the attack, and that CVE-2017-0985 was published on September 4, 2017 and at the time of the incident (July 2017) was a zero-day vulnerability.
On the subject of vulnerabilities in Equifax’s IT infrastructure, it is worth noting that the user x0rz pointed out in a tweet dated 08.09.2017 that an XSS vulnerability, still present on the company’s website at the time of publication, was discovered there in March 2016 and has not yet been fixed, even though its existence was reported to Equifax.
According to Bloomberg, a trial against Equifax has now begun. Possible compensation to affected customers is already estimated at billions of dollars.
“We apologize to customers and business partners for the inconvenience and frustration that this incident has triggered,” said Richard Smith, CEO of Equifax, in a video message.
In summary, the cause of this lamentable situation was belated detection, risk assessment and response to the incident. Known vulnerabilities were not eliminated, and neither an analysis of atypical and suspicious activity in the organization’s network, which could have revealed the intruders’ activity, nor an assessment of access to critical data was carried out. After the incident, company management hid it from its clients for a long time.
To avoid such a situation, Integrity Vision proposes using the QualysGuard vulnerability management system from Qualys. The Web Application Scanner of the QualysGuard solution will detect vulnerabilities in web applications and take action to address them, and the Vulnerability Manager module will do the same for vulnerabilities in other IT infrastructure objects.
The IBM QRadar SIEM will help track suspicious activity within the network. The IBM QRadar User Behavior Analytics application will provide transparent tracking of internal threats at an early stage and give a clear understanding of whether or not the company’s identities or systems have been hacked by criminals.