Yesterday’s news about the Equifax hack hit every major news outlet with reports of up to 143 million customers affected and was amplified throughout social media. Readers might remember that a similar attack struck Equifax’s competitor, Experian, in 2015. After reviewing the available information, which currently is just various reporting based solely on the official Equifax announcement, here is what we know.
Attack Vector: “Criminals exploited a U.S. website application vulnerability to gain access to certain files.”
Timing: “The unauthorized access occurred from mid-May 2017 through July 2017.”
Date of Discovery: July 29, 2017
Response: Equifax has a “leading independent cybersecurity firm doing a comprehensive forensic review.” Equifax set up a domain (equifaxsecurity2017.com) on August 22 to try to get ahead of the potential brand impact.
At least until the firm completes its forensic review, which is expected “to be completed in the coming weeks,” the technical details of the specific vulnerability and exploit will not be known. This, however, likely won’t stop rampant speculation about the cause, and that speculation will perpetuate the negative impact on the Equifax brand.
Early Detection and Visibility
In the case of Equifax, or any other organization focused on security, advance warning is critical. As a product, BluVector passively analyzes network traffic for evidence of compromise and attempts at compromise across all ports and protocols. As with recent attacks like Locky and Petya, the ability to detect and respond can mean the difference between minor and major impacts. As attackers continue to evolve their techniques, BluVector continues to deliver advancements in detection and automation, reducing the workload on analysts so they have more immediacy and visibility into attacks.