Essay Example on Equifax Data Breach Equifax Inc is a consumer credit reporting Agency

Subcategory:

Category:

Words:

200

Pages:

1

Views:

169

Equifax Data Breach Equifax Inc is a consumer credit reporting agency Equifax collects the information on over 800 million individual consumers and more than 88 million businesses worldwide like Business Firms Banks lenders etc for free and process those data and sell the processed information back to them Along with other 2 viz Experian and TransUnion Equifax is the 3rd largest credit reporting agency In September 2017 Equifax reported a massive data breach It claims the breach has taken place in between mid May and July 2017 a cyber security breach that compromised the most sensitive personal and financial data of more than 145 5 million users 



The data revealed in the hack includes names Social Security numbers birth dates addresses and in some cases driver license numbers Nike Zheng a Chinese cybersecurity researcher from Shanghai exposed a flaw in the Apache software package Apache Struts In merely a day interval Zero day Exploit the information was provided on FreeBuf com a Chinese security website and soon on Metasploit a popular free hacking tool On March 10 hackers came to know about Equifax s vulnerability And soon hackers penetrated Equifax s security The hackers were finally noticed on July 29 2017 but by that time the breach was so deeply embedded that the company was forced to take the consumer complaint portal offline for 11 days during which the security team found and closed the backdoors the intruders had set up 1 Discuss the type of security properties that were either 1 broken by adversaries or 2 were missing from systems that allowed the issue to occur Based upon the information provided by Nike Zheng Apache has corrected the flaw in its software package and a patch for the vulnerability was released on March 7 2017 Equifax stated that the breach was expedited using this flaw in Apache Struts software package The security patch was released on March 7th but the company ignored to apply the security patch which resulted in a massive data breach

This was not the only attributable cause for the breach contributing factors included the insecure network design which lacked sufficient segmentation which can easily be prevented and potentially inadequate encryption of personally identifiable information PII and ineffective breach detection mechanisms 2 Discuss the power of the adversary that seemingly attacked the system or was believed to have attacked the system Try and estimate a dollar figure to determine how much it cost to launch the attack and the level of expertise required by the attackers and the number of the attackers If the attack required specialized equipment of access denote these and then try and estimate the cost The nature of the attack makes it harder to pin on particular perpetrator The attackers were really smart and completely avoided using such tools that investigators can easily use to track the known groups One of the hacker s favorite hacking tool China Chopper has a Chinese interface but this tool is also used outside of china as identified by the people familiar with this malware suggested Many of the tools used were Chinese and Equifax breach has the similar fingerprint of security invasion in recent years at giant health insurer Anthem Inc which is ultimately repudiated to hackers working for Chinese intelligence Federal Bureau of Investigation and U S intelligence agencies stated that it might be a nation state wide planned breach but that it doesn't point to China Mandiant the security consulting firm hired by Equifax to investigate the breach said in a report distributed to Equifax clients on Sept 19 that it didn't have enough data to identify either the attackers or their country of origin 



As the adversaries are so expert that they didn't leave any backtrack which conveys that they are expert in breaching the security networks and were expert in programming as well Based upon the known facts it's not yet possible to estimate the cost to launch the attack as the use of Apache Software Struts package is licensed free the tools like Metasploit and ChinaChopper are freely distributed tools and we also don't have any clue about the number of attackers or whether a nation state has played any role in this breach It will be too soon to provide any verdict about the ultimate cost of Equifax s data breach will be Wall Street has already rendered its initial figure of 4 billion Besides being used to take out loans in other people s names there is lot more possibilities of the data to be exploited by hostile governments to let say get the information of people with high security clearances More than half of all US residents who totally depends on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come


Write and Proofread Your Essay
With Noplag Writing Assistance App

Plagiarism Checker

Spell Checker

Virtual Writing Assistant

Grammar Checker

Citation Assistance

Smart Online Editor

Start Writing Now

Start Writing like a PRO

Start