
Equifax breach: The impact for enterprises and consumers

October 8, 2017

What we know about the Equifax breach

On September 7th, credit reporting agency Equifax announced “a cybersecurity incident potentially impacting approximately 143 million U.S. consumers.” To put this in context, at this time, this incident is almost seven times larger than the Office of Personnel Management breach of 2015. Equifax discovered the unauthorized access on July 29th and determined that the intrusion began in mid-May. Equifax stated that “the information accessed primarily includes names, Social Security Numbers (SSNs), birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.” In addition, the “limited personal information” for Canadian and United Kingdom citizens was also accessed. The initial attack vector was reported as a “web application vulnerability.”

 

What we don’t know about the Equifax breach

Whenever doing any sort of analysis, it is important to state what we don’t know. Simply put, there is a great deal we don’t know, and most of the public will never know (despite what some talking heads might claim). As a former incident responder, I know that investigations aren’t completed in the time it takes to complete an episode of the TV drama Scorpion. (Did you know that Scorpion is starting its fourth season?) Equifax stated that the investigation is “substantially complete,” but wisely added that “it remains ongoing and is expected to be completed in the coming weeks.”

  • We don’t actually know how many SSNs were compromised.
  • We don’t know if all 143 million individuals’ SSNs were impacted.
  • We don’t know the threat actor responsible for this intrusion. Equifax claimed that “criminals exploited” a web application, but attribution is always a challenge. Structured Analytic Techniques, like the Analysis of Competing Hypotheses we did for WannaCry, can be useful for considering attribution.
  • Speaking of web applications, although we don’t know the specific vulnerability that was exploited, I’d bet 1,000 Gold Dragons it was SQL injection.

https://www.digitalshadows.com/blog-and-research/equifax-breach-the-impact-for-enterprises-and-consumers/

 

Editor_wr
