Equifax

Target Audience

Keywords

Introduction

Overview

The Equifax breach was made public in September of 2017 and exposed the sensitive personal informationof nearly 143 million people. Attackers exploited an Apache Struts vulnerability in Equifax's website to gain access to the company's database, where names, Social Security numbers, birth dates, addresses,and other personal information was harvested. The breach was undetected for several months, which allowed attackers to extract this massive amount of data. Equifax faced criticism for the handling of the breach for a number of reasons. When Equifax had discovered the breach, they failed to report it immediately. Additionally, a number of other poor security practices, such as the use of default passwords, were discovered. This breach in particular raised significant concerns about cybersecurity practices within the finance industry and highlighted the consequences of failing to protect consumer data.

Vulnerability Details

Attackers exploited the vulnerability CVE-2017-5638 in the Apache Struts web application framework. This vulnerability allowed remote attackers to execute arbitrary code on the target server by sending specially crafted HTTP requests containing malicious Content-Type headers, which would then be mishandled by the server. The attackers exploited this exact vulnerability to gain access to Equifax's systems and subsequently exfiltrate sensitive data from the company's databases. This vulnerability’s CVSS (Common Vulnerability Scoring System) score was rated a 10, which is the highest score possible, indicating its severity. Despite this severity, Equifax’s web server would still be vulnerable two months later after its discovery, ultimately leading to the breach.

Learning Objectives

Download

Remote Terminal

Terminal Description

In this lab, we will examine typosquatting, a very common technique used by attackers to phish for credentials. You will search for popular websites and analyze their various typosquatted domains.

Use the help-module6 command to explore available commands.
Assume we know the Apache Tomcat server to be running at the local IP address 192.168.1.58 on port 8443.
First, send a test packet to the web server and confirm the response.
Examine the exploit code snippet that is used within the script.
Run the exploit script and view the outputs.
Think about the significance of the output of the whoami command in particular

Module Questions

What is Apache Struts?Apache Struts is an open-source framework for developing web applications in JavaApache Struts is a programming language used for database management.Apache Struts is a type of web hosting service offered by Apache FoundationApache Struts is a cybersecurity tool used for network penetration testing.

A critical vulnerability is found in software that your organization uses. When should you update to the latest secure patch?You should wait until the end of the month because the update might disrupt ongoing projects.You should update to the latest secure patch as soon as possible to mitigate potential exploitation.You should update only if your organization experiences a security breach related to that vulnerability.You should delay updating until the next scheduled maintenance time.

Why is it important to act immediately upon the discovery of a breach?It’s not necessary to act immediately as it’s best to wait for more information about the breach.Acting immediately could lead to panic and confusion among employees.It’s always possible a breach may not be serious, so it’s alright to not take immediate actionImmediate action is crucial to minimize damage of the breach by containing the incident and preventing further access.

What did the Apache Struts Vulnerability CVE-2017-5638 take advantage of?The vulnerability exploited weaknesses in SSL/TLS encryption protocols.The vulnerability exploited incorrect exception handling of specially crafted HTTP requests.The vulnerability targeted flaws in the Apache HTTP Server software.The vulnerability targeted flaws in the Linux operating system kernel.

What are examples of sensitive personal information?Social Security numbers, driver's license numbers, and biometric data.Email addresses and phone numbers.Public social media posts and usernames.Job titles and company affiliations.