News & Insights

Top Takeaways For Businesses How Equifax and WannaCry Could Have Been Avoided

Katherine Bodendorfer
Top Takeaways For Businesses How Equifax and WannaCry Could Have Been Avoided

Let us consider the top two attacks in 2017, Equifax and ?WannaCry, and explore how the attacks could have been avoided and the top takeaways a business needs to follow to mitigate ?future risks. Both ?of ?these incidents ?could have been prevented with good cyber-hygiene and? by following basic ?IT security? standards. ?

Equifax?

Impact: $439 Million cost? and 147.9? million? customers compromised. ?

What Happened??

Equifax is one of the top 3 credit reporting agencies, and because of the sensitive data they handle (i.e., social security numbers, credit cards, and other personal identifiable information), they are a ?treasure ?trove of personal financial data for cybercriminals. The hackers discovered a vulnerability in Equifax's usage of an open-source framework called Apache Struts for its online web app and exploited it. Consequently, the attackers entered through this back door to gain entry to Equifax's customer information.?

How the Incident could have been Avoided?

While the breach ?occurred in May 2017 through a vulnerability, there were available sets of code that Apache fixed and by leaving ?their system unpatched led to the? breach that otherwise could have been averted. However, it should be noted that this may be a case of delay in patching (a set of codes and changes that can be applied to a computer program to update or improve it) rather than outright negligence. Equifax confirmed the Apache Struts vulnerability, but they did not take countermeasures in an appropriate amount of time. This highlights the importance of a layered approach to managing vulnerability (identifies, classifies, remediate, and mitigate vulnerabilities) and patch management (a set of system managements that involves testing, and installing multiple patches). Equifax would have benefited from software distribution and patch management? simultaneously. In both cases, companies should research software to do vulnerability scans, risk prioritization, and auditable patch management.?

Top ?Takeaways

1. Necessary precautions ?need to be ?taken ?to ensure that not only has a company ?formed a stronger business relationship with its partners, but they are working and ?requiring ?their partners to be ?reputable and qualified. WhiteHawk provides products like the Vulnerability Manager Assessment by Flexera, which impowers IT security and Operations with intelligence to continuously track, identify, and remediate vulnerable applications$mdash;before exploitation leads to costly breaches.

2. Patch systems regularly and exercise vigilance regarding easy access points. WhiteHawk offers products like SolarWinds, SCCM, Intune, or Airwatch to address software vulnerabilities and help getting a management system that can monitor patches.

3. Think about cyber-hygiene in terms of layers. Put in place enough security layers to adequately defend and deter cybercriminals from thinking a business is an easy target.?? Read more about this issue and the top cybercrime trends and how to improve your Cyber Hygiene.

WannaCry ?

Impact: $4 billion (estimate)?and?it?affected?more than 200,000?computers?in 150 countries. ?

What happened:?

WannaCry is a type of ransomware (a type of software that is designed to block the ability to access a computer system until money is paid to unlock the data) that occurred in 2017 and is classified as a ?cryptoworm. Hackers (the US and the UK suggest North Korea backed the attack) used a computer exploit called ?EnternalBlue, which was developed by the National Security Agency ?(NSA) and subsequently ?leaked ?online by a hacker group known as ?ShadowBrokers. After that, WannaCry hackers discovered a vulnerability in Microsoft Windows operating system and spread the virus. Data was then encrypted, and systems locked down until a ransom was paid in the form of bitcoin or some untraceable crypto-currency.??

How the Incident could have been ?Avoided

The hackers were counting on organizations ?not patching ?their systems ?or being ?too ?slow to apply security patches ?in time. Many organizations, like the National Health System ?(NHS) for ?England, were using outdated Windows XP operating systems. The fact is, ?no organization should have ?suffered from the attack ?if the necessary patches (software updates) that Microsoft released were installed ?in the first place.??

Top ?Takeaways ?

Foundational IT security practices are the easiest way to prevent or mitigate the impacts of a cyber attack.??

1. All users need to exercise a healthy dose of skepticism when receiving emails from unknown users or unusual requests?and especially those that contain suspicious links or attachments. ?As pointed out in the article about Cybercrime Trends for 2018, a good practice to avoid opening malicious links is hovering over the link in an email before clicking it. Hovering over a link will display its true URL, and then the user can decide if it's safe to visit or report it. ?

2. Ensure computers are running the latest versions of a supported operating system and that updates are being done through a trusted site/operation. Users ?should avoid just clicking the "remind me tomorrow" option ?regarding updates.

3. Ensure that a data backup system is in place (removable hard drive or reputable cloud service) and ?being tested for effectiveness. This will allow? data ?to be ?retrieved in the case of a ransomware attack ?and the threat to pay ?can be ignored. ?Read the recommended article to understand how to Protect Your Business from the Next Ransomware Attack.

4. Lastly, have a database, network (i.e., Nessus, SAINT, OpenVAS), and web application security (i.e., Nikto, Qualys, Sucuri, Burp Suite) vulnerability scanning systems in place to identify risk reports and someone to review and report them to the appropriate parties in a company. A vulnerability scanning system is a software application that inspects the potential points of exploit on a computer or network to identify security holes. In the case of WannaCry, the hackers attacked a weakness in an operating system that was already recognized by Microsoft.