The Equifax Breach and What Went Wrong

What happened? 

It appears that the attack vector used to breach Equifax was an unpatched web server.  Equifax uses the open source Apache Struts framework on its web servers.  While Equifax is blaming the vulnerability on the Apache Struts platform, Apache Struts claims that they have had a patch out since March 7th, 2017, and that the breach was due to Equifax’s failure to install the security patch.

A few facts about the size of this breach:

  • 143 million Americans were affected.
  • US population for 2016, according to the US Census Bureau, was 323 million.
  • Population over the age of 18 is 242 million.
  • The media has been reporting that 46% of the population is affected.  The fact is that almost 60% of the population over the age of 18 is affected.

What should you consider doing if you are affected by the breach?

If you are among those who are affected by this breach, here are some things you should consider doing to protect yourself.

There are three major credit reporting companies, and you can freeze and thaw your credit with each of them as needed.

Whenever a new credit card application is created, bank account opened, or a major purchase is financed, a credit report is pulled.  If your credit is frozen, these companies won’t be able to pull a credit report and will deny the application or purchase.

You can request credit reports from these companies yourself.  Last time I checked, you can request one free report every year.

Because there are three companies, if you stagger your requests and ask a different company for a report every 4 months, you’ll be able to monitor your credit for free, regularly throughout the year.  You should also be monitoring your banking and credit card activity on a regular basis.

Many of these companies offer to send you email or even text alerts if there is any activity.

How are the criminals going to exploit the data they stole?

At a high level, the 143 million user list will be divided into many smaller lists.

These lists will be sorted and classified by different demographics, and then sold on the Dark Web.  The Dark Web is an area of the web where users can stay anonymous and conduct criminal activity.

List pricing will be based on the demographics of the victims: premium demographic lists will sell for more than bulk miscellaneous lists.

It is important to realize that these lists will be circulating for many years.

It would be a big mistake to assume that if your identity hasn’t been stolen within a year, you are safe. It could be three, or even five years, before your name ends up on the list of a hacker who will attempt to use your identity.

You need to always be monitoring your credit and bank account activity.

The basics of protecting your network data:

If you have been following the Quanexus Blog or my newsletters, you are familiar with what I call our Q-Security Stack.  What is most important to a company is not the server or the computers; it is their data.  The data is stored on a server, and the server is controlled by an operating system on which software applications are running.

It is critical to keep the servers and workstations patched.  Patches (updates) fix two issues: they fix stability issues in the programs, and they fix vulnerabilities (the root cause of the Equifax breach).

The next protection layer is the anti-virus/malware protection.  This layer attempts to block malicious code from taking advantage of a vulnerability, such as one on a system that is missing a patch, or one for which a patch has not yet been released.

The other layers include: the firewall, backup, security awareness training, and policies/procedures.

If the Equifax servers had been properly patched, this breach could have been avoided.

Posted by Jack Gerbs