More evidence points to the use of a zero-day exploit in the recent Equifax breach, as the hack took place 4 months after the public disclosure of the vulnerability. This is why the world needs layered security.
Why attacks are still successful
A simple application firewall blocks this specific attack. A monitoring solution would have discovered attack patterns. Through Digital Risk Monitoring and vulnerability management, the visibility of Struts in their attack surface would have been limited.
Why most attacks are successful:
- Vulnerability management is only implemented on the main website (www.<company>.xyz)
- Vulnerability management is not a continuous process
- Organizations do not know their entire online attack surface
A simple model (based on OSI/NIST) would mitigate most attacks:
- Continuously monitor your attack surface using Digital Risk Monitoring
- Perform continuous vulnerability assessment
- Make security a process, not a technical add-on
Check your attack surface
In March we already had a test run with the previous Struts bug. You can easily check if you are vulnerable by checking for the presence of “Java” server-side applications.
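One way to run that check across a server's file system, as an added example (not code from the original post): it inventories Struts core jars, including those bundled inside WAR/EAR archives, so the versions can be compared against the vendor advisory. It assumes jars keep their default Maven artifact names; the sample tree and version numbers are constructed placeholders.

```python
import os
import re
import tempfile
import zipfile

# Assumption: jars keep their default Maven artifact names
# (struts2-core-<version>.jar for Struts 2, struts-core-<version>.jar for Struts 1).
STRUTS_JAR = re.compile(r"(?:^|/)(struts2?-core)-(\d[\w.\-]*)\.jar$")
ARCHIVES = (".war", ".ear", ".jar")


def find_struts_jars(root):
    """Return sorted (location, artifact, version) hits under root, one archive level deep."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            m = STRUTS_JAR.search(rel)
            if m:
                hits.append((rel, m.group(1), m.group(2)))
            elif name.lower().endswith(ARCHIVES):
                try:
                    with zipfile.ZipFile(path) as zf:
                        for entry in zf.namelist():
                            m = STRUTS_JAR.search(entry)
                            if m:
                                hits.append((rel + "!" + entry, m.group(1), m.group(2)))
                except (zipfile.BadZipFile, OSError):
                    continue  # unreadable or corrupt archive: skip, keep the inventory going
    return sorted(hits)


def demo():
    """Build a constructed sample tree (placeholder versions) and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tomcat", "webapps"))
        war = os.path.join(root, "tomcat", "webapps", "portal.war")
        with zipfile.ZipFile(war, "w") as zf:
            zf.writestr("WEB-INF/lib/struts2-core-0.0.1.jar", b"")
            zf.writestr("WEB-INF/lib/commons-io-0.0.1.jar", b"")
        os.makedirs(os.path.join(root, "legacy", "lib"))
        open(os.path.join(root, "legacy", "lib", "struts-core-0.0.2.jar"), "wb").close()
        return find_struts_jars(root)


if __name__ == "__main__":
    for location, artifact, version in demo():
        print(f"{artifact} {version}  {location}")
```

Point `find_struts_jars` at each application server's deployment root; an empty result only means no jar with a default name was found, not that Struts is absent.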
If you need help with finding out whether you are vulnerable, contact us.
Official statement by the Apache foundation in response to the Equifax report: https://blogs.apache.org/