What Happened?

  • One of the largest data breaches in the United States
  • Personal information of 143 million U.S. consumers
  • Files included names, Social Security numbers, driver's license numbers, birth dates, and addresses.
  • Hackers posted a ransom demand on the dark web, stating they would delete the data only if they received a payment of 600 bitcoin, worth around $2.6 million at current valuation.

How to Protect Yourself?

How did it Happen?

  • Apache Struts vulnerability (CVE-2017-5638, reported by qz.com), announced on March 7, 2017
  • Struts handles data sent to the server. Attackers can exploit a remote code execution vulnerability in the Apache Struts parser.
  • In mid-May, hackers breached the Equifax network by exploiting the Apache Struts vulnerability.
  • Equifax was not aware of the intrusion until mid-July.
  • Default web server passwords were still in use.

Nation State Hack?

  • Bloomberg reported that the Equifax hack may have been carried out by China.
  • Chinese hacker tools were used.
  • Multiple hacker teams were involved: the initial intrusion was handed off to another team, which placed back doors and located the database holding all the information.

Remediation

  • Apply the Apache Struts patch.
  • Every organization needs an internal PSIRT (Product Security Incident Response Team).
  • Organizations should maintain a central database of all open source software deployed. When a CVE is announced, the PSIRT team can check every deployed open source component against it, search the database, and alert the department whose devices need to be updated.
  • All default passwords should be changed to meet the strong password rules described in NIST SP 800-63B.
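The central-inventory remediation above, as an added example that is not part of the original slides: a minimal open-source component inventory that a PSIRT team can query the day a CVE is announced, returning the hosts to patch grouped by owning department. The inventory rows, host names and department names are constructed for the example; the affected-version ranges for CVE-2017-5638 are entered by hand and should be confirmed against the vendor advisory before use.

```python
"""Added example (not from the original slides): a minimal open-source
inventory that a PSIRT team can query when a CVE is announced.

Assumptions: the inventory rows, department names and host names are
constructed for this example; the affected-version ranges for
CVE-2017-5638 are entered by hand and should be checked against the
vendor's advisory before being relied on.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.31' into (2, 3, 31) so versions compare numerically,
    not lexically ('2.3.9' must sort below '2.3.31')."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Component:
    host: str
    department: str
    name: str      # normalised component name, e.g. 'apache-struts'
    version: str


@dataclass
class Advisory:
    cve: str
    component: str
    affected_ranges: List[Tuple[str, str]]  # inclusive (low, high) pairs


def is_affected(comp: Component, adv: Advisory) -> bool:
    """True when the deployed version falls inside any affected range."""
    if comp.name.lower() != adv.component.lower():
        return False
    v = parse_version(comp.version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in adv.affected_ranges)


def find_exposed(inventory: List[Component], adv: Advisory) -> List[Component]:
    return [c for c in inventory if is_affected(c, adv)]


def alerts_by_department(inventory: List[Component], adv: Advisory) -> Dict[str, List[str]]:
    """Group exposed hosts by the department that must apply the patch."""
    out: Dict[str, List[str]] = {}
    for c in find_exposed(inventory, adv):
        out.setdefault(c.department, []).append(c.host)
    return out


# Constructed inventory: what a real deployment database would hold.
INVENTORY = [
    Component("web-01", "consumer-portal", "apache-struts", "2.3.31"),
    Component("web-02", "consumer-portal", "apache-struts", "2.5.10"),
    Component("api-01", "partner-api", "apache-struts", "2.5.12"),
    Component("db-01", "data-platform", "postgresql", "9.6.3"),
    Component("web-03", "marketing", "apache-struts", "2.3.32"),
]

# Hand-entered ranges for CVE-2017-5638 (assumption; verify against the advisory).
STRUTS_ADVISORY = Advisory(
    "CVE-2017-5638", "apache-struts",
    [("2.3.5", "2.3.31"), ("2.5.0", "2.5.10")],
)

if __name__ == "__main__":
    for dept, hosts in alerts_by_department(INVENTORY, STRUTS_ADVISORY).items():
        print(f"{STRUTS_ADVISORY.cve}: department '{dept}' must patch {', '.join(hosts)}")
```

The numeric version comparison is the part that matters in practice: a fixed release such as 2.5.10.1 parses to a longer tuple that sorts above (2, 5, 10), so it is correctly reported as not affected, while a plain string comparison would get ranges like this wrong.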
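The default-password remediation above, as an added example that is not part of the original slides: a memorized-secret check following the NIST SP 800-63B guidance the slide cites (a minimum length of 8 characters, no forced composition rules, and rejection of values found in a blocklist of common, breached, repetitive or context-specific passwords). The blocklist entries and the stand-in vendor default are constructed for the example and are not real vendor defaults.

```python
"""Added example (not from the original slides): a password acceptance
check modelled on NIST SP 800-63B section 5.1.1.2 for memorized secrets.

Assumptions: the blocklist below is constructed for this example; the
entry 'default-web-pass' stands in for a factory default found during
an audit and is not a real vendor default.
"""

MIN_LEN = 8  # 800-63B: memorized secrets SHALL be at least 8 characters
# 800-63B also says verifiers SHOULD permit at least 64 characters, so no
# upper bound is enforced here.

# Constructed blocklist: common choices plus defaults discovered in an audit.
BLOCKLIST = {
    "password", "12345678", "qwertyui", "letmein1", "changeme",
    "default-web-pass",
}


def is_sequential_or_repetitive(pw: str) -> bool:
    """Reject runs such as 'aaaaaaaa' or 'abcdefgh'/'12345678', which
    800-63B lists among the values a blocklist should catch."""
    if pw and len(set(pw)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(steps) == 1 and steps.pop() in (1, -1)


def check_password(pw: str, context_words=()) -> list:
    """Return the reasons a candidate is rejected; an empty list means accepted.

    context_words are service-specific terms (product name, hostname,
    username) that 800-63B says should not appear in the secret."""
    reasons = []
    if len(pw) < MIN_LEN:
        reasons.append("shorter than 8 characters")
    low = pw.lower()
    if low in BLOCKLIST:
        reasons.append("matches blocklist (common, breached, or default value)")
    for w in context_words:
        if w.lower() in low:
            reasons.append(f"contains context-specific word '{w}'")
    if is_sequential_or_repetitive(pw):
        reasons.append("repetitive or sequential characters")
    return reasons


def audit_defaults(current_passwords: dict, context_words=()) -> dict:
    """Run the check over a {host: password} map pulled from a config audit
    and return only the hosts that still need their password changed."""
    return {host: r for host, pw in current_passwords.items()
            if (r := check_password(pw, context_words))}


if __name__ == "__main__":
    # Constructed audit results, not real credentials.
    found = {
        "web-01": "default-web-pass",
        "web-02": "portal-admin-2017",
        "web-03": "correct horse battery staple",
    }
    for host, reasons in audit_defaults(found, context_words=("portal",)).items():
        print(f"{host}: change password ({'; '.join(reasons)})")
```

Note what the check deliberately does not do: it imposes no "one upper-case, one digit, one symbol" composition rule, because 800-63B recommends against such rules; length and a blocklist of known-bad values do the work instead.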