Equifax Cyberattack: A Short Synopsis of this Attack and its Potential Impact on your Business
On March 2, 2017, the Apache foundation disclosed (initially reported by security researcher Nike Zheng et al. via https://cwiki.apache.org/confluence/display/WW/S2-045 and https://cwiki.apache.org/confluence/display/WW/S2-046) that a critical vulnerability, with multiple vectors, exists in the Jakarta-based file upload Multipart parser used in Apache Struts2. It could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value.
Apache advised all customers and networking equipment manufacturers that have OEM-ed this application into their products, e.g. Cisco, to immediately patch their systems and upgrade to Apache Struts version 2.3.32 or 184.108.40.206.
Between March 10 and April 19, 2017, Cisco issued patches for the products in its line that were susceptible to this vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2.
Equifax confirmed that it was aware of this vulnerability as of March 8, 2017 and proceeded to patch some of its vulnerable devices. Unfortunately, it didn’t patch all of its affected servers, and one of them was targeted by a cyberattacker who, by exploiting this vulnerability, gained access to the data of Equifax’s 143 million customers, including customer names, addresses, social security numbers, credit card numbers, credit scores etc.
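The three header values named above as vectors can be checked against their expected grammar before a request reaches the upload parser, as a compensating control while servers are still being patched. The following is an added example, not code from this article, Apache or Equifax; the quoted-value character set, the length cap and the sample requests are assumptions constructed for illustration.

```python
import re

# RFC 7230 "token": the characters allowed in media types and parameter names.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# Assumed local policy: quoted values (e.g. filename) use a conservative character set.
QUOTED = r'"[A-Za-z0-9 ._()\-]{0,255}"'
PARAM = r"[ \t]*;[ \t]*" + TOKEN + "=(?:" + TOKEN + "|" + QUOTED + ")"

RULES = {
    "content-type": re.compile(TOKEN + "/" + TOKEN + "(?:" + PARAM + ")*"),
    "content-disposition": re.compile(TOKEN + "(?:" + PARAM + ")*"),
    "content-length": re.compile(r"[0-9]{1,15}"),
}
MAX_VALUE_LEN = 512  # assumed cap; legitimate values are far shorter


def check_headers(headers):
    """Return (header, reason) findings for one request or multipart part."""
    findings = []
    for name, value in headers.items():
        rule = RULES.get(name.lower())
        if rule is None:
            continue  # only the three headers named in the article are checked
        value = value.strip()
        if len(value) > MAX_VALUE_LEN:
            findings.append((name, "value too long"))
        elif not rule.fullmatch(value):
            findings.append((name, "value does not match header grammar"))
    return findings


# Constructed samples: benign malformed values, not captured traffic.
SAMPLES = {
    "ok-upload": {"Content-Type": "multipart/form-data; boundary=----abc123",
                  "Content-Length": "2048"},
    "ok-part": {"Content-Disposition": 'form-data; name="f"; filename="report (1).pdf"',
                "Content-Type": "application/pdf"},
    "bad-type": {"Content-Type": "multipart/form-data{constructed}",
                 "Content-Length": "2048"},
    "bad-length": {"Content-Type": "text/plain", "Content-Length": "12abc"},
    "bad-filename": {"Content-Disposition": 'form-data; name="f"; filename="a{constructed}b"'},
}


def scan(samples):
    """Map each sample id to its findings, keeping only samples with findings."""
    results = {sid: check_headers(h) for sid, h in samples.items()}
    return {sid: f for sid, f in results.items() if f}
```

A check like this narrows what reaches the parser but does not remove the flaw; the upgrade Apache advised remains the fix.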
Equifax Chairman and Chief Executive Richard Smith has called the crisis the “most humbling moment in our 118-year history.” Some lawmakers have called for his removal, and investors have shrunk Equifax’s stock-market value by about $6 billion, or more than 33%, in the past 10 days.
Equifax has since fired its CIO and Chief Information Security Officer. In the long run, this may, in fact, be the beginning of the end of Equifax because it has lost all credibility with customers and the market, both of whom no longer trust the integrity of its data. To put this into perspective, it is not far-fetched to think that the attacker might have altered some Equifax data to increase or decrease credit score ratings. Hence, this single cyber attack is essentially undermining one of the United States’ fundamental financial assets which, if completely eroded, will eliminate a key component in financial risk analysis, shutting down the country’s entire credit lending system.
The need for a network maintenance service provider that is both independent, and capable of providing lifetime software integrity maintenance and cyber-defence services cannot be over-emphasised.
The fact of the matter is that at least 30% of all in-production corporate and governmental Internet network routers, switches, firewalls and servers are no longer software-maintained by the equipment manufacturers (nor their partners, some of whom offer outsourced network managed services), making them potential entry points (sitting ducks) for cyber-attackers to gain access to your network and all corporate data.
Multiven, the world’s only manufacturer-independent provider of lifetime software maintenance and cyberdefense services for all Internet networks, can maintain all the software that the manufacturer won’t maintain anymore with lifelong security updates to keep your firm safe from cyberattacks.
Remember, if a device is in your production network, you must maintain the software, for as long as it is in-production.