Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

FireEye pulls Equifax boasts as it tries to handle hack fallout

Now credit freezes may not even be secure

John Leyden Mon 11 Sep 2017  //  17:50 UTC

FireEye removed an Equifax case study* from its website in response to a recently disclosed mega-breach at the credit reference agency.

Equifax’s endorsement that FireEye’s tech protected it against zero-day and targeted attacks had more than the whiff of hubris about it once it emerged hackers had successfully pwned the credit reference agency’s systems and accessed all manner of sensitive information.

Equifax back FireEye for hacker defence

The breach, discovered in late July but disclosed only last Thursday, affected 143 million US consumers and an as-yet undisclosed number of Brits and Canadians.

The intrusion began in mid-May and went undetected for two months until 29 July. Criminals had access to names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers of millions of Americans as well as the credit card numbers of 209,000 US consumers.

Early indications are that hackers failed to go even deeper and access Equifax’s core consumer or commercial credit reporting databases. Equifax said that hackers exploited an unspecified web application vulnerability to hack into its systems.

Equifax has reportedly hired incident response experts at FireEye Mandiant to investigate the breach. These experts have also been helping with PR aspects of damage limitation, it seems. Brandan Schondorfer of Mandiant registered the domain Equihax.com on Tuesday (5 September), two days before the breach was publicly disclosed, thereby preventing anyone else intent on poking fun at Equifax – or perhaps worse, run phishing attacks – from getting their hands on the domain.

Other aspects of Equifax’s overall incident response (analysed in depth in a post by security blogger Guise Bule here) have been less assured. For example, security experts at Sophos have criticised Equifax’s use of PINs – based on the date and time of when a request was made – to freeze consumer credit files. Crooks have a far better chance of determining these PINs and unfreezing credit files than if they were randomly generated. Worse yet, compromised server logs might be used to determine PINs. ®

Bootnote

*The Equifax endorsement came in a FireEye white paper entitled Less Secure Than You Think. Thanks to reader Ken L for forwarding a copy (a Google cache snapshot can be found, at least temporarily, here).
Send us news
16 Comments

185K people's sensitive data in the pits after ransomware raid on Cherry Health

Extent of information seized will be a concern for those affected

Over a million Neighbourhood Watch members exposed through web app bug

Unverified users could scoop up data on high-value individuals without any form of verification process

Lawsuit accuses Grindr of illegally sharing users' HIV status

LGBTQ+ dating app's maker previously denied selling sensitive user data

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

It’s the second time the World-Check list has fallen into the wrong hands

US House approves FISA renewal – warrantless surveillance and all

PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more

Pandabuy confirms crooks nabbed data on 1.3M punters

Nothing says 'sorry' like 10 percent off shipping for a month

Global taxi software vendor exposes details of nearly 300K across UK and Ireland

High-profile individuals including MPs said to be caught up in leak

SharePoint logs are easily circumvented and Microsoft is dragging its heels

Now is the perfect time to review those permissions

Puppies, kittens, data at risk after 'cyber incident' at veterinary giant

IT systems pulled offline for chance to paws and reflect

Ransomware gang <em>did</em> steal residents' confidential data, UK city council admits

INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs

OWASP server blunder exposes decade of resumes

Irony alerts: Open Web Application Security Project Foundation suffers lapse

Nearly 3M people hit in Harvard Pilgrim healthcare data theft

Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns