Today I want to share with you a good case study about that why equifax breach happened? I read lot of topics about Equifax breach. There are a lot of reasons but the most important things;
- They knew Struts was an issue but failed to find it their environment before the attackers did.
- They lacked preparation, experience in using their tools and knowledge of their tools limitations.
- They didn't test or check security controls after putting them in place.
- They knowingly left security tools/controls broken for over a year.
- They left platintext credentials in text files.
I am not sure, everything is true on this list but we dont ignore.
Equifax breach happened because, equifaxs lack of asset management was the cause of their breach. I think every security guy should learn why equifax breach happened and need to get learn lessons. But also keep in mind that, if there is a vulnerability on your public faces assets, you need to patch and operate vulnerability & threat management process. After that you must validate systems up to date and running with newest version securely. Your offsec team must validate vulnerability patched and there is no any other flaw. Cyber Security is a cat and mouse game. When you fail managing some things, attackers dont wait, and they ignore your crying. if you are a security person, you must configure security systems up to date and well hardened to all company assets : )
#stayathome #coranavirus #covid-19 #staysafe #equifax #securitybreach
References:
https://twitter.com/sawaba/status/1226951570279063553
https://blog.bitdiscovery.com/2020/03/equifaxs-lack-of-asset-management-was-the-cause-of-their-breach/
Hiç yorum yok :
Yorum Gönder