Search
 
Commentary

Equifax Breach: Database Insider Threats From Third-Party Software

Its critical for organizations to apply security patches and deploy tools required to identify insider threats.

By Dave Rosenberg | Updated on September 20, 2017

The recent and massive database breach at Equifax serves to highlight the insider threat that database systems face today. But you say, “The Equifax database attack was perpetrated by external hackers, not internal personnel.” While that’s true, it is also true that once the Equifax database attackers circumvented the corporate firewalls and breached the application, they were able to masquerade as legitimate and authorized insiders. To identify an attack of that nature requires tools that detect insider threats. To better understand all of this, let’s walk through the Equifax database attack chain.

According to Equifax, the database attackers exploited a vulnerability in the third-party Apache Struts software they were running and had failed to patch with an available security update. Specifically the vulnerability is CVE-2017-5638 and a patch had been available to Equifax for nearly two months prior to the attack, yet for some unexplained reason, Equifax had never installed it.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.

Already have an account?

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Recommended Stories

Why Your CU Needs a Chief Data Officer

Why Your CU Needs a Chief Data Officer

Henry C. Meier, Esq. |

There are too many data-related questions to answer and legal issues hanging around to not have a data chief at the helm.

Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2024 ALM Global, LLC. All Rights Reserved.