While it isn't clear why the patching process broke down at this point, it's worth noting what was happening at Equifax that same month, according to Bloomberg Businessweek: Unnerved by a series of incidents in which criminals had used Social Security numbers stolen from elsewhere to log into Equifax sites, the credit agency had hired the security consulting firm Mandiant to assess their systems. Equifax's IT department ran a series of scans that were supposed to identify unpatched systems on March 15 there were in fact multiple vulnerable systems, including the aforementioned web portal, but the scans seemed to have not worked, and none of the vulnerable systems were flagged or patched. On March 7, the Apache Software Foundation released a patch for the vulnerabilities on March 9, Equifax administrators were told to apply the patch to any affected systems, but the employee who should have done so didn't.
If attackers sent HTTP requests with malicious code tucked into the content-type header, Struts could be tricked into executing that code, and potentially opening up the system Struts was running on to further intrusion. In that month, a vulnerability, dubbed CVE-2017-5638, was discovered in Apache Struts, an open source development framework for creating enterprise Java applications that Equifax, along with thousands of other websites, uses. To understand how exactly all these crises intersected, let's take a look at how the events unfolded. Equifax did not publicize the breach until more than a month after they discovered it had happened stock sales by top executives around this time gave rise to accusations of insider trading.The attackers pulled data out of the network in encrypted form undetected for months because Equifax had crucially failed to renew an encryption certificate on one of their internal security tools.The attackers were able to move from the web portal to other servers because the systems weren't adequately segmented from one another, and they were able to find usernames and passwords stored in plain text that then allowed them to access still further systems.The company was initially hacked via a consumer complaint web portal, with the attackers using a widely known vulnerability that should have been patched but, due to failures in Equifax's internal processes, wasn't.A top-level picture of how the Equifax data breach happened looks like this: General Accounting Office, and an in-depth analysis from Bloomberg Businessweek based on sources inside the investigation. Most of the discussion in this section and the subsequent one comes from two documents: A detailed report from the U.S.
0 kommentar(er)
