The new Equifax cyber attack has only just been revealed, although it happened on 29 July. It is another cyber attack that should have been avoided. Was it negligence on the part of the Equifax security team, or incompetence? The question arises because the origin of this cyber attack is, once again, a known vulnerability that had not been corrected.
Equifax cyber attack, negligence or incompetence?
This cyber attack affects about 143 million American consumers, as well as English and Canadian consumers. This impressive number comes from the fact that Equifax specializes in protecting and analyzing the personal and financial data of customers who apply for credit from a bank or a credit institution throughout the world. Many people are questioning this personal and financial data protection activity after the attack. Most regrettable is that Equifax could not protect its own information system. The flaw exploited by the hackers is in the Apache Struts web application framework. It allowed them to access data (identity, date of birth, address …) kept on the customer portals.
This flaw was referenced by the community in March 2017 in the Common Vulnerabilities and Exposures list under the identifier CVE-2017-5638. Moreover, a patch was made available so that all users could apply the remediation.
Don’t forget vulnerability management
This is not the first cyber attack exploiting this vulnerability. On April 6, 2017, a SecurityWeek article reported that AT&T was exposed to this vulnerability and could suffer a ransomware attack. In our previous articles "Ransomware Petya, we warned you!" and "WannaCry Infection – Why It Should not Happen!", we indicated that these cyber attacks should not have occurred.
Exploiting vulnerabilities remains one of the main entry points for hackers, surely the first! Indeed, once a vulnerability is known, they have all the information needed to break into vulnerable companies' networks.
Security teams need to better protect enterprises from vulnerabilities. Few have accurate visibility of the number of vulnerable servers and their level of exposure. Even worse, companies with virtualized servers or a cloud infrastructure acknowledge that they only know 72% of their IT, the remaining 28% being shadow IT according to Gartner. These unknown assets are neither updated nor analyzed. The main causes of these shortcomings are infrastructures that are becoming more complex, and cumbersome solutions that are not adapted to the needs of the CISO and the security team.
SMEs are more at risk than ever
This kind of cyber-attack does not affect only large companies. The media only relay breaking news that affects thousands or millions of customers, but the reality is quite different: 77% of cyber-attacks concern SMEs. An article from The Hacker News highlights this by indicating that many Cisco solutions are affected by the Apache Struts vulnerability. These solutions are used by thousands of SMEs around the world, making them targets.
Big companies are affected because they do not have solutions adapted to their complex and large-scale IT infrastructure. SMEs can't afford the best vulnerability management solutions on the market, and they also lack human resources, either quantitatively (a small security team) or qualitatively (a lack of skills across all technologies). They turn out to be easy targets for hackers. In most cases, the breaches are hidden, even though they can lead to a very significant loss of activity for a company (loss of CRM or accounting data, loss of turnover, criminal prosecution …).
Start now to reduce your cyber risk exposure.
Which steps should you follow to avoid breaches? How do you know if you are vulnerable, not only to CVE-2017-5638 but to all the other vulnerabilities as well?
On average, more than 50 new vulnerabilities are detected every day in 2017, so automated solutions are needed to manage this problem continuously. This will become a legal obligation with GDPR in May 2018.
That's why we are developing solutions that continuously analyze traditional, hybrid and cloud infrastructures to detect new vulnerabilities that could be used as doors to a cyber attack. The solutions detect all active and inactive servers on the network and classify vulnerabilities by criticality. For some analyses, we follow the implementation guide for SMEs published by the Center for Internet Security.
An alert system makes it possible to act quickly and to apply the best corrective measures to prevent a vulnerability from being exploited.
Comprehensive and understandable reports are also available to evaluate the follow-up of the action plan and to communicate the cyber risk level to the C-suite.
All organizations, whether large companies, associations or SMEs, are thus vulnerable to the same kind of cyber attack as Equifax. But they are also vulnerable to many others because vulnerability management is not properly implemented.
We offer a free diagnostic of your vulnerabilities on one of your IP addresses to show you that you may also be vulnerable!