We’ve received a ton of community interest over the past week around the Equifax hack. When your company sits on the personal information of virtually everyone in the United States, you are subject to attacks from all angles. Phishing, social engineering, and zero-day exploits are not out of the question when hundreds of millions of credit cards and SSNs are sitting on your server.
But this hack was different.
The script to run this attack was public, open for the world to see. The company was aware of the exploit for months. To make matters worse, this hack could have been executed with minimal programming knowledge and just a half hour of work.
The breach is a great example of why we need to move away from centralized data hubs like Equifax.
Almost all attacks can start with a targeted phishing email or social engineering attack. The phishing email that compromised the Clinton campaign is a good example:
It looks like a real email, but clicking the bit.ly link will of course redirect the user to a page controlled by the hacker.
Once access is granted to one computer in a network at a large company, a hacker will try to compromise other computers to increase the amount of access they have to sensitive resources. The attacker compromises other computers and gains access to more accounts (email, internal file servers, etc.) until they are able to carry out whatever malicious attack they wanted to do in the first place.
Figure: The Attacker Lifecycle
While it is easy to get access to company networks this way, it would probably be hard to get access to large amounts of sensitive credit data with this method. Hopefully only a limited number of employees have access to the core servers used for sensitive information and hopefully those servers are on a separate network. Hackers can probably get access to these sensitive services with some effort by creating fake companies and p...