You have the right to remain pissed
Hello, Hoodies!
With the start of the bootcamp, the substack has taken a backseat, but we’re picking up with it today.
We launched the second ever cohort of the Zero to Hoodie Cybersecurity Bootcamp on Tuesday and it has been ROCKIN!
Normally I wouldn’t make this offer, but this is a special case.
I’m allowing registration for the bootcamp to continue for the next 11 hours.
Sale ends at midnight.
Because of the extra time scheduled for the holidays, you could still get in TODAY and be on track by the first of the year.
After today, you’d simply be too far behind to keep up. There will be no further extensions.
If you’re ready to change your life and start your cyber career, then dive in.
Details below:
https:// bowtiedcyber.gumroad.com/ l/bootcamp
Now let’s learn about one of the WORST hacks in history.
2017 Equifax Hack - 148 Million People were Affected!
In September of 2017, one of the three leading consumer credit reporting agencies in the United States, Equifax, revealed that its computer systems had been infiltrated. It further disclosed that its private and sensitive information of 148 million Americans had been stolen.
Identities, names and addresses, contact information, dates of birth, social security numbers, and driver’s license numbers were among the data that was compromised when the breach occurred. In addition, the credit card details of about 209,000 customers were compromised during the attack. The magnitude and severity of the Equifax hack have never been seen before.
This security breach is unusual because of the sensitive nature of the personally identifiable information kept by Equifax and the magnitude of the problem. Other firms have had security breaches of a greater extent in the past.
How did the Equifax Hack Happen?
A number of factors played part in this hack to be successful. Below are the top reasons how did the hack happen in the first place;
Flaws in Internal Processes
The corporation was initially breached through an online site for customer complaints. The hackers used a well-known vulnerability that ought to have been fixed but wasn’t because of flaws in Equifax’s internal processes. The breach exposed consumers’ credit information.
Improper Segregation of Systems
The systems weren’t adequately segregated, the attackers could travel from the web portal to other servers, where they found users and passwords stored in plain text.
Encrypted Certificate were not Renewed
Attackers were able to stealthily extract encrypted data from the network for months because Equifax neglected to renew an encrypted certificate for a critical internal security tool.
Hack Remained Private Even After a Month of Discovery
Equifax did not make their discovery of the hack public until more than a month after they had realized that it had occurred; stock transactions by prominent executives around this time gave rise to insider trading charges.
What Did Hackers Do?
Hackers discovered that Equifax had not updated their version of the Apache Struts software as advised by Apache around March 7, 2017. The program was the backbone of an online site that allowed customers to contest the information included in their credit reports.
After discovering this vulnerability, hackers did the following things;
Utilized the weakness: They got remote access to the system at Equifax by uploading a programming language to one of the company’s servers.
Discovered credentials: They discovered credentials for the Equifax database and “falsely represented that they were authorized users of Equifax’s network.”
Search for sensitive/personal information: Approximately 9,000 times were spent searching the system for sensitive personal information while the searches were concealed via encryption.
Details stuffing: Stuffed the personal details in temporary files, compressed those files, and split them up into files of a smaller size to maximize their chances of delivering the stolen data without drawing attention to themselves.
Servers exploitation: During the time of the breach, they used 34 servers located in 20 different countries. They deployed various additional methods, such as remote desktop access and encrypted log-ins, to conceal the location from which the intrusion originated.
Compressed files were deleted: After moving the data into the external storage, the compressed files were deleted, and then the settings were changed to remove any information that may monitor their activities.
Who is to blame for the data breach at Equifax?
As soon as it was discovered that Equifax had been breached, information security professionals began monitoring dark websites in the hopes of finding massive data dumps that may be related to the incident. Despite their best efforts, they waited, but the data never materialized.
This gave birth to a notion that has since been widely accepted: that the Chinese state-sponsored hackers broke into the Equifax database. Their objective was espionage rather than thievery.
What information was lost, and how many people were impacted by this breach?
Since personal data is the primary commodity that Equifax trades in, the information that was stolen by the criminals when it was breached and stolen by them was pretty detailed and covered many people.
Because their names, residences, dates of birth, Social Security numbers, and driver’s license numbers were disclosed, it is estimated that 143 million people, or more than 40 percent of the total population of the United States, were impacted by this incident.
A relatively tiny portion of the data, maybe in the neighborhood of 200,000, contained credit card information as well; this subgroup of records most likely belonged to individuals who had made direct payments to Equifax to obtain a copy of their credit report.
Equifax breach by the numbers
Below are some data breach numbers that were highlighted in Equifax hack incident;
76 days: Amount of time the attackers were operating within Equifax’s networks without being noticed by the company’s security personnel.
143 million: Number of customers whose information may have been compromised due to the security breach.
$125: The maximum amount of money that can be awarded to you as compensation if your personal information is stolen from Equifax’s systems.
$1.4 billion: Amount Equifax spent to strengthen its security measures to respond to the breach directly.
0: The total number of identity theft or fraud instances linked to this particular event.
What response did Equifax have to the security breach?
Equifax was criticized for not handling its massive data breach in 2017. The company was slow to disclose the breach, and when it did, it provided confusing and contradictory information about what had happened. Equifax also failed to protect the exposed data, including social security numbers and birthdates.
Congress held hearings on the matter, and Equifax ultimately agreed to pay $700 million to settle with the Federal Trade Commission. Despite these actions, many consumers remain concerned about how Equifax handles their data.
What were the most critical takeaways from the Equifax data breach?
The Equifax breach was a wake-up call for many businesses. It showed just how vulnerable companies are to cyber-attacks and how important it is to have robust security measures.
There are a few key lessons that we can learn from the Equifax breach:
Cybersecurity is crucial.
Data breaches can have serious consequences.
businesses need to be prepared for cyber attacks.
It is essential to have robust security measures in place.
Cyber attacks can happen to any business, no matter how big or small.
Cybersecurity is an ongoing process, not a one-time event.
There is no such thing as 100% security.
Cybersecurity is a team effort.
Education is key to cybersecurity.
The best defense against cyber attacks is a good offense.
Equifax’s massive data breach is a good reminder of the importance of protecting your personal information. While it’s impossible to prevent every attack, there are some steps you can take to make yourself less vulnerable.
That’s all for this one.
Keep grinding, Hoodies.
WAGMI
Your fren,
-Cyber
