Workload and Application Security Blog

The Equifax Breach – Security One Year Later

Written by Shauntinez Jakab | Sep 11, 2018 4:53:23 AM

Here we are, a year after that gloomy day, September 8, 2017, when Equifax announced the breach and theft of information belonging to 143 million American people, and others in the UK and Canada too. Were you impacted?

Ranked the 4th Worst Breach of All Time

The Equifax breach made headlines around the world. According to CSO Magazine, the breach is considered the 4th worst data breach of all time, earning it U.S. Congressional hearings and talk of scandal. Ultimately the publicity, the delayed response and the inadequacies in security, which were thought to have resulted in the attack itself, led to the departure of Chief Executive Officer Richard Smith. The stock also took a hit, slumping as much as 25.6% after the disclosure. As if things weren’t already bad, in 2018 Equifax notified an additional 2.4 million U.S. consumers that they were affected by the hack. The company continues to deal with mounting legal action and lawsuits.

What, in the name of security, has changed in the past year?

Organizations typically become more vigilant following monumental breaches. Larger companies often tighten the reins to avoid becoming the next headline. We saw the same in the last year, following the Equifax breach. Just two months after the breach, Gartner predicted a 7.5% increase in 2018 security spending over the previous year, as a result of concern for attacks like Equifax. In the related press release, research analyst Ruggero Contu mentioned that a large portion of security spending is typically driven by an organization's reaction toward security breaches as more high-profile cyberattacks and data breaches affect organizations worldwide. Results of a survey in the same press release show enterprise security budgets are shifting towards detection and response, and by 2020, more than 60 percent of organizations will invest in multiple data security tools to strengthen their infrastructure security program. Organizations are also investing heavily in security services that help overcome challenges with maintaining their security solutions, ensuring expertise and improving attack responsiveness.

As organizations strengthen their defenses and overcome significant challenges, attackers are changing their approach to building out successful attacks. According to the 2018 Verizon Data Breach Investigations Report (DBIR), 70% of attacks in the last year used a fileless (non-malware) approach and involved some form of hacking and/or privileged misuse and errors (publishing, misconfiguration, misdelivery, loss). With fileless malware methods, cybercriminals directly manipulate Java, Python or C# code, memory as it is processing compiled code, libraries, protocols, and various frameworks. Since the Equifax breach and with the increased use of exploit methods including directory traversal, buffer overflow, memory corruption, injection attacks, and XSS, it is evident that attackers are affecting the application without human intervention and may even bypass the web altogether.

With attackers targeting unprotected, vulnerable functional areas in application flows, the attack life cycle is minimized. Successful breaches now have a much shorter time to compromise. According to Verizon, the time from the first action in an event chain to initial compromise of an asset is in seconds or minutes. While attacks are accelerating, time to detection continues to be quite lengthy. According to reports, 68% of attacks took months or more to discover, and usually as a result of prolonged, after-the-fact forensic data analysis initiated for whatever reason.

Are YOU investing in security the right way?

Let's now discuss where your investment is best applied. Ramping up on intelligence services, machine learning, patching and even training may not be enough when attackers already have access to applications and are targeting areas that are off the security program grid – say memory, a Spectre flaw or an uncommon/zero-day exploit method. Investing in security solutions like Virsec Security Platform, which provides real-time defense for memory, interpreted code, and compiled applications, may add the most value to your security portfolio. Companies like Raytheon, Schneider, and Aveva are recommending Virsec to organizations to ensure a more comprehensive defense that strengthens the resilience of critical infrastructure software and enterprise applications when under attack.

Virsec uniquely detects the most evasive attacks, targeting deep code functions, memory and uncommon flaws in software, compiled code and microcode. It also remediates attacks immediately by executing protections in milliseconds to defend vital operations, information, IP and data before there is damage. Virsec services help enterprises effectively protect against sophisticated attacks with capabilities that drive security automation, enable machine-to-machine handoff, add value to firewalls and ensure preemptive patching of vulnerable systems. Virsec also prevents attack persistence and detects and protects against attacks in real time. Learn more about Virsec Security Platform, contact us for more information or ask your security solution provider about Virsec.

Sources:

- CSO Magazine, “The 17 biggest data breaches of the 21st century,” Jan 26, 2018
- Keith Noon, The Motley Fool, “Why Equifax Stock Fell 25.6% in September,” Oct 5, 2017
- Gartner Press Release, “Gartner Forecasts Worldwide Security Spending Will Reach $96 Billion in 2018, Up 8 Percent from 2017,” December 7, 2017
- Verizon DBIR 2018 Report: Summary of findings and Top 20 Varieties