As we continue to learn more about the massive breach at Equifax that exposed the sensitive information of 143 million Americans, officials now believe they have discovered how the attack was executed.
The May hack stems from an Apache Struts bug that was patched in March, two months prior.
The specific vulnerability in question, Apache Struts CVE-2017-5638, allows attackers to execute arbitrary commands on the victim’s machine by sending specially crafted HTTP headers. The vulnerability was labeled as “massive” and was used to exploit countless websites. Two working versions of the attack were also made publicly available online.
Many large institutions such as banks, government agencies and some of the world’s top companies use Apache Struts for their web apps.
Vulnerabilities like these happen from time to time and are extremely hard to avoid. This is why developers strongly recommend installing patches as soon as they are available. While Equifax has not officially stated whether or not they patched the bug, there is no real alternative explanation for how the attack could have occurred.
This type of attack is easy for hackers to carry out and labor-intensive for companies to fix. Patching the vulnerability involves manually updating, testing and then re-deploying all Apache Struts web apps that a company uses.
We’ll have to wait for the final incident report to know exactly what those web servers were running. Given what we now know, it appears that Equifax’s negligence in maintaining their systems is the root cause of one of the financial industry’s biggest breaches.