To understand how exactly all these crises intersected, let’s take a look at how the events unfolded.

In that month, a vulnerability, dubbed CVE-2017-5638, was discovered in Apache Struts, an open source development framework for creating enterprise Java applications that Equifax, along with thousands of other websites, uses. If attackers sent HTTP requests with malicious code tucked into the content-type header, Struts could be tricked into executing that code, and potentially opening up the system Struts was running on to further intrusion. On March 7, the Apache Software Foundation released a patch for the vulnerabilities; on March 9, Equifax administrators were told to apply the patch to any affected systems, but the employee who should have done so didn’t. Equifax’s IT department ran a series of scans that were supposed to identify unpatched systems on March 15; there were in fact multiple vulnerable systems, including the aforementioned web portal, but the scans seemed to have not worked, and none of the vulnerable systems were flagged or patched.

While it isn’t clear why the patching process broke down at this point, it’s worth noting what was happening at Equifax that same month, according to Bloomberg Businessweek: Unnerved by a series of incidents in which criminals had used Social Security numbers stolen from elsewhere to log into Equifax sites, the credit agency had hired the security consulting firm Mandiant to assess their systems. Mandiant warned Equifax about multiple unpatched and misconfigured systems, and the relationship devolved into acrimony within a few weeks.

Forensics analyzed after the fact revealed that the initial Equifax data breach date was March 10, 2017: that was when the web portal was first breached via the Struts vulnerability. However, the attackers don’t seem to have done much of anything immediately. It wasn’t until in what Equifax referred to in the GAO report as a “separate incident” - that attackers began moving from the compromised server into other parts of the network and exfiltrating data in earnest. (We’ll revisit this time gap later, as it’s important to the question of who the attackers were.)

From May through July of 2017, the attackers were able to gain access to multiple Equifax databases containing information on hundreds of millions of people; as noted, a number of poor data governance practices made their romp through Equifax’s systems possible.
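As an added illustration (not part of the original article), here is one way a defender could flag the content-type header abuse described above in request logs: treat any value that is not a well-formed media type, or that carries expression-language delimiters, as suspicious. The log format, the sample lines, the function names and the 256-character cap are constructed assumptions.

```python
import re

# RFC 7230 "token" characters; a media type is token "/" token plus parameters.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# \x22 is the double quote; a parameter value is a token or a quoted string.
PARAM = rf"\s*;\s*{TOKEN}=(?:{TOKEN}|\x22[^\x22\\]*\x22)"
MEDIA_TYPE = re.compile(rf"{TOKEN}/{TOKEN}(?:{PARAM})*\s*")
EXPR_OPEN = re.compile(r"[%$#]\{")  # expression-language opening delimiters
MAX_LEN = 256  # assumed cap; legitimate Content-Type values are short

# Constructed sample: tab-separated timestamp, source, method, path, Content-Type.
SAMPLE_LOG = [
    "2024-01-01T02:11:07Z\t192.0.2.15\tPOST\t/app/upload.action\tmultipart/form-data; boundary=----abc123",
    "2024-01-01T02:11:09Z\t198.51.100.7\tPOST\t/app/upload.action\t%{placeholder}",
    "2024-01-01T02:11:12Z\t192.0.2.15\tGET\t/app/index.action\t-",
    "2024-01-01T02:11:20Z\t203.0.113.9\tPOST\t/app/upload.action\tmultipart/form-data; boundary=\"${placeholder}\"",
    "2024-01-01T02:11:31Z\t192.0.2.40\tPOST\t/app/login.action\tapplication/x-www-form-urlencoded; charset=UTF-8",
]


def content_type_findings(value):
    """Return the reasons a Content-Type value is suspicious (empty list if clean)."""
    findings = []
    if len(value) > MAX_LEN:
        findings.append("oversized")
    if EXPR_OPEN.search(value):
        # Catches delimiters hidden inside an otherwise valid quoted parameter.
        findings.append("expression-delimiter")
    if not MEDIA_TYPE.fullmatch(value.strip()):
        findings.append("not-a-media-type")
    return findings


def scan(log_lines):
    """Return (timestamp, source, path, findings) for each suspicious request."""
    hits = []
    for line in log_lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 5:
            continue  # not in the assumed log format
        ts, src, _method, path, ctype = fields
        if ctype in ("", "-"):
            continue  # request carried no Content-Type header
        findings = content_type_findings(ctype)
        if findings:
            hits.append((ts, src, path, findings))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same check can run as a request filter in front of the application, so a malformed header is rejected before the framework parses it.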