On Thursday, September 7, 2017, Equifax, one of the three major consumer credit reporting agencies, announced that hackers gained access to company data that impacts 143 million customers. The compromised information includes Social Security numbers and driver’s license numbers. Days after the breach was announced, Equifax’s stock was down more than 12%. This is more than a billion dollars in lost shareholder value.
Thieves are already using the stolen data
After the Equifax breach, reports show a spike in credit card fraud. The credit monitoring company first learned of the breach in July, but it was not made public until now. Liron Damri, co-founder of Forter, a fraud prevention service for online retailers, said he saw a 15 percent increase in the overall fraud attempts in their system in August, which is an unusual time of year to see such a spike. Damri believes the thieves sold the financial information to turn a quick profit once they realized they were caught.
No such thing as bad publicity, but this is the exception!
Most of the articles written about the Equifax breach also talk about other famous breaches such as the Yahoo and Sony breaches. According to The Economist, this sort of brand damage is long lasting when it comes to large established brands. This sort of attention has caused customers to stop doing business with the breached companies. Customers who have had their identities stolen have a much longer memory. The lost revenue and bad publicity associated with a breach are often feared more than the cost associated with the loss of the stolen data. For this reason, companies try to keep breaches secret for as long as possible.
“There are only two types of companies: Those that have been hacked and those that will be hacked.”
Robert S. Mueller, III, Former FBI Director
Recent cybersecurity news is all about the latest ransomware, malware, or password phishing breach. These events tend to get the focus, but I think this is equivalent to chasing yesterday’s news: these are lagging indicators. Recent events have proven a determined hacker can and will breach your network. Even with the most advanced cybersecurity in place to protect your network at the perimeter, you are still susceptible to low-tech phishing scams. This is because the human element will be a factor until the day machines take our jobs.
What does an attacker want to do once a breach starts?
An attacker wants to spread the breach to as many systems as possible, and the best way to do this is through the theft of credentials. Attackers typically use stolen credentials to spread the initial breach to critical system infrastructure. This allows an attacker to access machines that would otherwise have been immune to the initial breach, whether it came through malware, ransomware, phishing and so on.
Once inside, the outsider becomes an insider
The average breach goes undetected for more than 90 days. Once inside your internal system, with access to your trusted credentials, an attacker looks just like a trusted insider. A cybercriminal wants to go undetected for as long as possible so they can extend their reach to more systems, gain more access, and steal as much of your data as possible. The bad guys do this not only by using the stolen credentials to reach new systems; these same credentials also allow the attacker to impersonate insiders and hide their activity by encrypting it.
Victim or not? The choice is yours
You don't need to be the next Equifax, Yahoo, or Sony. At SSH.COM we believe that the best way to mitigate the risk from credentials is to remove them from the equation. Read more about our approach to cloud access management.
Edit: One year on and not much has changed
CNET reports that significant action on the Equifax breach has failed to materialize and that credit reporting agencies are still risking costly data breaches. For more detail, download the full Congressional report.