Equifax breach highlights the importance of layered security
More evidence points to the use of a zero-day exploit in the recent Equifax breach, as the hack took place 4 months after the public disclosure of the vulnerability. This is why the world needs layered security.
Why attacks are still successful
A simple application firewall blocks this specific attack. A monitoring solution would have discovered attack patterns. Through Digital Risk Monitoring and vulnerability management, the visibility of Struts in their attack surface would have been limited.
Why most attacks are successful:
- Vulnerability management is only implemented on the main website (www.<company>.xyz)
- Vulnerability management is not a continuous process
- Organizations do not know their entire online attack surface
A simple model (based on OSI/NIST) would mitigate most attacks:
- Continuously monitor your attack surface using Digital Risk Monitoring
- Perform continuous vulnerability assessment
- Make security a process, not a technical add-on
Check your attack surface
In March we already had a test run with the previous Struts bug. You can easily check if you are vulnerable by checking for the presence of “Java” server-side applications.
If you need help with finding out whether you are vulnerable, contact us.
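One way to make bundled Struts visible from the inside, as an added example that is not from the original post: the Python below walks a deployment directory and lists every Struts 2 core jar it finds, including jars packaged inside WAR/EAR archives. The function names, the directory layout and the version numbers in the sample tree are constructed assumptions.

```python
import io
import re
import zipfile
from pathlib import Path

# struts2-core-<version>.jar is the file name of the Struts 2 core library.
STRUTS_JAR = re.compile(r"(?:^|/)struts2-core-([0-9][\w.\-]*)\.jar$")
ARCHIVES = {".war", ".ear", ".jar"}

def _scan_zip(data, origin, depth=0):
    """Yield (location, version) for Struts jars in an archive, nested ones included."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # unreadable archive: skip
    with zf:
        for name in zf.namelist():
            m = STRUTS_JAR.search(name)
            if m:
                yield f"{origin}!/{name}", m.group(1)
            elif depth < 2 and Path(name).suffix.lower() in ARCHIVES:
                yield from _scan_zip(zf.read(name), f"{origin}!/{name}", depth + 1)

def find_struts(root):
    """Walk a deployment directory and list every bundled Struts 2 core jar."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        m = STRUTS_JAR.search(rel)
        if m:  # exploded (unpacked) web application
            hits.append((rel, m.group(1)))
        elif path.suffix.lower() in ARCHIVES:
            hits.extend(_scan_zip(path.read_bytes(), rel))
    return hits

def build_sample(root):
    """Constructed sample tree: packaged WAR, exploded app, and an EAR nesting a WAR."""
    root = Path(root)
    with zipfile.ZipFile(root / "portal.war", "w") as war:
        war.writestr("WEB-INF/lib/struts2-core-2.3.31.jar", b"")
    lib = root / "legacy" / "WEB-INF" / "lib"
    lib.mkdir(parents=True)
    (lib / "struts2-core-2.5.10.jar").write_bytes(b"")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as war:
        war.writestr("WEB-INF/lib/struts2-core-2.3.5.jar", b"")
    with zipfile.ZipFile(root / "suite.ear", "w") as ear:
        ear.writestr("billing.war", inner.getvalue())
    return root
```

Run `find_struts()` against each application server's deployment directory and feed the reported versions into your vulnerability management process; hosts outside the main website are the ones most likely to be missed.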
Official statement by the Apache foundation in response to the Equifax report: https://blogs.apache.org/