Four hackers have been charged with hacking the U.S. credit reporting agency Equifax, a breach in which data on U.S. citizens and proprietary Equifax secrets were stolen.
The saga finally comes to some semblance of closure. One of the world’s largest data breaches – a total of nearly 150 million records – now has names attached to its assailants.
This week, the U.S. Department of Justice announced charges against four Chinese hackers believed to be associated with the Chinese government. Leveraging a Java vulnerability and compromised credentials to move laterally within Equifax’s network, the hackers were able to slowly exfiltrate data over a period of 76 days.
According to security vendor CrowdStrike, web server attacks – like the one responsible for the initial access to Equifax – are the second most prevalent attack vector. The number one attack vector (by more than a factor of 2:1 over web server attacks) remains spear-phishing. Malicious attachments and links dominate, putting unsuspecting users firmly in the attack crosshairs.
The Equifax attack should be a warning to keep all web-facing applications and systems up to date at all times. Vulnerability scanning is a great advanced step to ensure this is the case. But equally, organizations need to heed the data, which clearly demonstrates that the greater threat is email-borne attacks seeking to fool users into clicking on malicious content.
Organizations can employ Security Awareness Training as a means to keep users constantly updated on attack methods, social engineering tactics and new scams – and on what to do should they come across an attack like this.
There will be plenty more attacks – hopefully none in the cyber stratosphere like the Equifax breach. It’s imperative to ensure your users – just like your web servers – are kept up to date on the latest methods of attack to minimize the threat surface.