How Did They Break Into Equifax?

I’m sure you have asked yourself this question, right?

Simple answer: SQL Injection. “…they probably stole the database credentials out of the [web] application…”

According to the article below and many others online, the data breach occurred due to a web application vulnerability.

This article explains technically what happened.

Excerpt from the above article: “For either vulnerability, the process is basically the same. The attacker sends a specific HTTP request containing some special syntax,” explained Jeff Williams. “In one case, an OGNL expression. In the other, a serialized object. The Equifax Struts application would receive this request, and get tricked into executing operating system commands. The attacker can use these to take over the entire box – do anything the application can do. So, they probably stole the database credentials out of the application, ran some queries, and then exfiltrated the data to some server they control on the internet.”

If your company is using a database activity monitoring (DAM) tool such as IBM Guardium, an attack like this could be prevented. But of course you need to implement the proper policies in Guardium. We know exactly what policies are needed; please submit the form on the right and we can provide a more detailed explanation.
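To illustrate the kind of rule a DAM policy applies to the scenario in the excerpt (application database credentials reused to run ad-hoc queries), here is an added example; it is not Guardium policy syntax and not code from the article. The account name, baseline values, field names and audit records are all constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class AuditRecord:
    db_user: str
    client_host: str
    client_program: str
    sql: str
    rows_returned: int

# Hypothetical baseline for the web application's service account (assumed values).
BASELINE = {
    "webapp_svc": {
        "hosts": {"10.0.1.15"},
        "programs": {"JDBC Thin Client"},
        "fingerprints": {
            "select name, email from customers where id = ?",
            "update customers set email = ? where id = ?",
        },
        "max_rows": 100,
    }
}

def fingerprint(sql: str) -> str:
    """Normalize literals so statements compare by shape, not by value."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)   # string literals
    s = re.sub(r"\b\d+\b", "?", s)            # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

def evaluate(rec: AuditRecord) -> list[str]:
    """Return the rule violations for one audited statement."""
    base = BASELINE.get(rec.db_user)
    if base is None:
        return []  # only accounts with a baseline are checked here
    hits = []
    if rec.client_host not in base["hosts"]:
        hits.append("unexpected_host")
    if rec.client_program not in base["programs"]:
        hits.append("unexpected_program")
    if fingerprint(rec.sql) not in base["fingerprints"]:
        hits.append("unknown_statement")
    if rec.rows_returned > base["max_rows"]:
        hits.append("bulk_read")
    return hits

# Constructed sample records (not real audit data).
SAMPLES = [
    AuditRecord("webapp_svc", "10.0.1.15", "JDBC Thin Client",
                "SELECT name, email FROM customers WHERE id = 4411", 1),
    AuditRecord("webapp_svc", "10.0.1.15", "sqlplus",
                "SELECT * FROM customers", 250000),
]
```

The second record comes from the application server itself, so a source-host rule alone would miss it; the client program, statement shape and row count are what flag it.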

 
