Scribd Logo
Upload

Welcome to Scribd!

  • FDS2022 Apr Week 08 - Intro To Cybersecurity

    Uploaded by

    Travis Teoh
    12 views2 pages
    1. Equifax, one of the largest credit rating agencies in the US, suffered a major cyberattack in 2017 that compromised the personal information of over 148 million people. 2. Hackers exploited an Apache Struts vulnerability known as CVE-2017-5638 to gain access to Equifax's network over a period of 76 days before being discovered. 3. The vulnerability was disclosed two months before the attack began, but Equifax failed to implement the recommended patches in time, demonstrating that the breach was preventable with proper security updates and precautions.

    Original Description:

    Original Title

    FDS2022 Apr Week 08 - Intro to Cybersecurity

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. Equifax, one of the largest credit rating agencies in the US, suffered a major cyberattack in 2017 that compromised the personal information of over 148 million people. 2. Hackers exploited an Apache Struts vulnerability known as CVE-2017-5638 to gain access to Equifax's network over a period of 76 days before being discovered. 3. The vulnerability was disclosed two months before the attack began, but Equifax failed to implement the recommended patches in time, demonstrating that the breach was preventable with proper security updates and precautions.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views2 pages

    FDS2022 Apr Week 08 - Intro To Cybersecurity

    Uploaded by

    Travis Teoh
    1. Equifax, one of the largest credit rating agencies in the US, suffered a major cyberattack in 2017 that compromised the personal information of over 148 million people. 2. Hackers exploited an Apache Struts vulnerability known as CVE-2017-5638 to gain access to Equifax's network over a period of 76 days before being discovered. 3. The vulnerability was disclosed two months before the attack began, but Equifax failed to implement the recommended patches in time, demonstrating that the breach was preventable with proper security updates and precautions.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Official (Closed) - Non Sensitive

    Page 1 of 2

    Fundamentals of Digital Skills Week 08


    Polytechnic Foundation Program
    Academic Year 2022/23 Async

    Introduction To Cybersecurity

    Objectives

     To understand the importance of Cybersecurity, the types of threats and how to put
    in safeguards to avoid cybersecurity threats

    1. Case-Study Question - Security Breach at Equifax

    In May 2017, it was revealed that Equifax has joined other high-profile companies including
    Marriott, Home Depot Inc., Target Corporation, Blue Cross and Yahoo! as a victim of
    cyberattacks. Equifax is one of the largest credit-rating companies in the United States and
    operates or has investments in 24 countries and employs over 11,000 employees worldwide.

    Hackers gained access to the Equifax network in mid-May 2017 and attacked the company
    for 76 days. In July 29, 2017, Equifax staff discovered the intrusion during routine checks of
    the operating status and configuration of IT systems. This was 76 days after the initial attack.

    Hackers accessed Social Security numbers, dates of birth, home addresses, and some
    driver’s license numbers and credit card numbers, which impacted over 148 million people.
    The security system at the company did not keep up with the aggressive company growth
    and the company failed to modernize its security system. According to the report the
    company did not take action to address vulnerabilities that it was aware of prior to the attack.

    According to Equifax, hackers exploited a software vulnerability known as Apache Struts


    CVE-2017-5638. This vulnerability was disclosed back in March 2017. There were clear and
    simple instructions of how to fix the problem from the software provider Apache. It was the
    responsibility of Equifax to follow the recommendations offered by Apache right away.

    According to Apache, software patches were made available in March two months before
    hackers began accessing Equifax data. In addition to the previously mentioned vulnerability,
    the hackers found a file containing unencrypted usernames and passwords. Hackers also
    found an expired security certificate on a device for monitoring network traffic. This indicated
    that Equifax did not detect that data was being stolen.
    (Extracted from the case scenario in Textbook MIS 10e by Hossein Bidgoli, Cengage 2020)

    FDS 2022/23 Last update: 15/04/2022


    Week 08
    Official (Closed) - Non Sensitive

    Page 2 of 2

    Questions:

    (a) Which vulnerability enabled hackers to breach the security system at Equifax?

    (b) Was the breach preventable? Explain your answer.

    2. Submission

    Submission of work:

    a. Save and upload all the completed activities as advised by your tutors.

    b. You should have submitted a total of 1 file:


    XX – MyName – Intro to Cybersecurity.docx

    where XX – refers to your class register number


    And MyName refers to your name in NPAL

    FDS 2022/23 Last update: 15/04/2022


    Week 08

    You might also like