![]() ![]() “The use of encryption allowed the attackers to blend in their malicious actions with regular activity on the Equifax network and, thus, secretly maintain a presence on that network as they launched further attacks without being detected by Equifax’s scanning software,” the GAO report stated.Įven with the vulnerable system and the encrypted data channel, it still took a lot of effort from the hackers to find and get the Personally Identifiable Information (PII) data they were after. When the hackers began to exfiltrate data, they used encrypted data channels to avoid detection. The simple initial vulnerability was not the point at which the attackers began to siphon off the data of 145 million consumers, which didn’t actually start to happen until May 13, 2017, roughly two months after the initial breach. The attackers were able to identify that Equifax was at risk from an Apache Struts vulnerability that was only publicly disclosed two days before the attackers began scanning. The attack began as many do, with the attackers first conducting reconnaissance by scanning Equifax’s publicly accessible systems to look for any known vulnerabilities. The length of time it took before Equifax discovered the breach enabled the attackers to move around within the company’s systems for months, relatively unimpeded. While public disclosure of the Equifax data breach did not occur until September 2017, Equifax system administrators had in fact discovered the unauthorized access in July 2017 - months after the attackers first gained entry to the company’s servers in March 2017. The retrospective look at the breach provides insights into how the breach occurred and what types of controls and technologies might have helped prevent it. ![]() Government Accountability Office (GAO) has released a 40-page report outlining what happened. 7, 2017, and details on the breach slowly trickled out for months afterwards. The breach was publicly disclosed on Sept. The Equifax data breach that exposed the sensitive personal information of more than 145 million consumers was one of the worst data breaches of recent years, both for the amount of information exposed and the ease with which hackers moved about the company’s systems. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |