
The saga finally comes to some semblance of closure. One of the world’s largest data breaches – a total of nearly 150 million records – now has names attached to its assailants.
This week, the U.S. Department of Justice announced charges against four Chinese hackers believed to be associated with the Chinese government. Leveraging a Java vulnerability and compromised credentials to move laterally within Equifax’s network, the hackers were able to slowly exfiltrate data over a period of 76 days.
According to security vendor CrowdStrike, web server attacks – like the one responsible for the initial access to Equifax – are the second most prevalent attack vector. The number one attack vector (by more than a factor of 2:1 over web server attacks) remains spear-phishing. Malicious attachments and links dominate, putting unsuspecting users firmly in the attackers’ crosshairs.
The Equifax attack should be a warning to ensure all web-facing applications and systems are constantly kept up to date. Vulnerability scanning is a great advanced step to ensure this is the case. But equally, organizations need to heed the data, which clearly demonstrates that the greater threat is email-borne attacks seeking to fool users into clicking on malicious content.
Organizations can employ Security Awareness Training as a means to keep users constantly updated on attack methods, social engineering tactics, and new scams – and on what to do should they come across an attack like this.
There will be plenty more attacks – hopefully none in the cyber stratosphere like the Equifax breach. It’s imperative to ensure your users – just like your web servers – are kept up to date on the latest methods of attack to minimize the threat surface.