2.5 Months passed before attackers were stopped
Data security is a major concern for organisations of any size, type and industry. There are endless examples of small to major data breaches being reported in the media, but often very little detail is made available regarding attack vectors, investigative work performed, findings etc. In the last two months a U.S. agency called the Government Accountability Office (GAO) released a report into the Equifax breach, which it compiled at the request of the US Congress. The Equifax data breach hit the news in 2017 as their executives took steps to advise the public that Equifax had been undergoing a cyberattack for an unspecified period of time and that they were aware that sensitive data had been stolen.
The report is an easy-to-read document, worth reviewing and sharing with anyone in your organisation who is required to take part in discussions or decision making regarding information risk and governance, IT security best practices etc. Click here to download a copy of the report.
Some of the key points in the report are:
- Attackers had been accessing Equifax systems and data for 2.5 months before being detected.
- A particular vulnerability was not properly identified as being present on an Equifax online dispute portal. It was left unpatched and allowed the intrusion to occur.
- An expired SSL certificate prevented a network monitoring tool from detecting the malicious traffic, meaning large amounts of data were removed by the attackers without setting off any alarms.
- Poor segmentation meant the attackers had easy access to multiple databases containing Personally Identifiable Information (PII).
- One particular database which contained unencrypted credentials (usernames and passwords) for additional Equifax databases was plundered, so the attackers were easily able to run queries on those additional databases.
One of the most important lessons from this data breach report is that security needs to be an all-inclusive, layered and integrated approach. We commonly treat smaller issues such as managing SSL certificate renewal as a low priority task (creating a security gap) whilst focusing on high end ad-hoc security solutions.
The Equifax data breach highlights the need to regularly conduct objective security architectural and configuration reviews. Ideally the reviews should be done in combination with periodic audits of your current security controls, processes and procedures to validate their effectiveness and measure overall security posture.
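The expired certificate on the monitoring path, and the point above about certificate renewal being treated as a low priority task, lend themselves to a routine check. The Python script below is an added example, not taken from the GAO report or from Kaon Security; the host names, expiry dates and the 30-day renewal window are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # assumed renewal lead time

# Constructed inventory: (name, notAfter in the format ssl.getpeercert() returns)
INVENTORY = [
    ("db-gateway.example.internal", "Mar  1 00:00:00 2025 GMT"),
    ("inspection-appliance.example.internal", "Jan 15 00:00:00 2024 GMT"),
    ("dispute-portal.example.internal", "Jun 20 00:00:00 2024 GMT"),
]

def parse_not_after(not_after):
    """Convert a certificate notAfter string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)

def live_not_after(host, port=443, timeout=5.0):
    """Read notAfter from a live endpoint. An already-expired certificate fails
    verification and raises ssl.SSLCertVerificationError, which is itself a finding."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def audit(inventory, now, window=RENEW_WINDOW):
    """Return (status, name, days_left) tuples, most urgent first."""
    order = {"EXPIRED": 0, "RENEW": 1, "OK": 2}
    findings = []
    for name, not_after in inventory:
        remaining = parse_not_after(not_after) - now
        if remaining <= timedelta(0):
            status = "EXPIRED"   # anything relying on this certificate is already degraded
        elif remaining <= window:
            status = "RENEW"     # inside the renewal window, raise a ticket now
        else:
            status = "OK"
        findings.append((status, name, remaining.days))
    return sorted(findings, key=lambda f: (order[f[0]], f[2]))

if __name__ == "__main__":
    # Fixed date so the constructed sample gives a stable result; use
    # datetime.now(timezone.utc) when auditing a real inventory.
    sample_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for status, name, days_left in audit(INVENTORY, sample_now):
        print(f"{status:8} {name:40} {days_left:5d} days")
```

Feeding the output into the same alerting channel as other security findings keeps an expired certificate on a monitoring device from going unnoticed.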
Avoiding The Blues With Microsoft Azure
In previous versions of Newsflash we have highlighted our Office 365 Audit offering (view the case study). The majority of the organisations we have worked with in this area are also looking to partially or fully embrace cloud delivery for their line of business applications.
Before this transition occurs it is worthwhile undertaking a review of your planned Microsoft Azure security architecture. This presents an ideal opportunity to potentially reduce the complexity or overlap of the specified technical controls whilst improving security effectiveness.
As the transition gets underway, periodic configuration checks are also recommended to ensure security gaps are not inadvertently being introduced into the new environment.
To discuss how Kaon Security can assist your organisation in the areas of IT security audit services or security architecture reviews contact Mike Conboy or Steve Macmillan - 09 570 2233.
New Security Awareness Offering – The Essentials Package
The Essentials Package is designed to assist organisations with under 250 people programmatically develop and improve security awareness at an affordable price.