CRITICAL SEVERITY

Equifax Data Breach

2017
data breach

Data breach exposing the Social Security numbers, birth dates and addresses of roughly 147 million Americans, plus driver's license and credit card numbers for a subset of them.

financial

What Happened

Attackers exploited CVE-2017-5638, an OGNL injection flaw in Apache Struts 2, on a public-facing Equifax web application that had not been patched even though the fix had been available since March 2017. Initial access came on May 13, 2017; the intrusion went unnoticed until July 29, 2017, and data was exfiltrated over those 76 days.

Vulnerability Exploited

CVE-2017-5638 - Apache Struts 2 remote code execution: an OGNL expression placed in the Content-Type header is evaluated by the error handling of the Jakarta multipart parser, so a single crafted HTTP request runs commands as the web server user.

Attack Flow

Step 1 - recon: Web Scanning
Finding vulnerable Struts instances by probing public-facing endpoints for CVE-2017-5638. Working exploit code had been public since early March 2017, so no novel research was needed.
[SCAN] Testing CVE-2017-5638...

Step 2 - exploitation: Struts Exploit
Header injection RCE: an OGNL expression in the Content-Type header is evaluated by the Struts 2 Jakarta multipart parser, giving command execution on the application server. Web shells were deployed to keep that access.
[EXPLOIT] Web shell uploaded

Step 3 - actions on objectives: Data Extraction
147M records stolen: with access to the application and the database credentials it held, the attackers ran thousands of queries against dozens of backing databases and exfiltrated the results over encrypted channels across 76 days.
[EXFIL] 147M records extracted

💥Impact

Settlement of up to $700 million (2019, with the FTC, CFPB and state attorneys general). CEO Richard Smith stepped down in September 2017.

Records Compromised
About 147,000,000 (US consumers)
Financial Cost
Up to $700 million settlement (2019), excluding Equifax's own remediation spending

🔧Technical Details

Target System
Equifax public-facing web application: Apache Struts 2 on a Linux server
Attacker Profile
Remote attacker; Linux workstation
Vulnerability / CVE
CVE-2017-5638 - Apache Struts 2 RCE (OGNL injection via the Content-Type header)

📅Attack Timeline

Patch Available
March 7, 2017
Apache publishes the fix for CVE-2017-5638 (advisory S2-045); public exploit code follows within days.
Initial Attack
May 13, 2017
First exploitation of the unpatched Equifax application; web shells deployed and database queries begin.
Discovery
July 29, 2017
Equifax security staff notice suspicious traffic after an expired certificate on a network inspection device is replaced; the application is taken offline the next day.
Public Disclosure & Impact
September 7, 2017
Breach announced; credit monitoring offered. CEO steps down later that month. Settlement of up to $700 million follows in July 2019.
Response & Mitigation
Remediation Phase
Struts patched, affected application taken offline, credit monitoring offered.

🎯Is This Attack Still Relevant Today?

Yes. CVE-2017-5638 is old, but internet-facing Struts 2 applications that were never upgraded are still scanned for and exploited, and the failures behind the Equifax breach (a known-exploited component left unpatched for months, an incomplete asset inventory so the vulnerability scan missed the instance, and an expired certificate that blinded egress inspection) recur in breaches every year.

⚠️ Still Active Threat

💡Key Takeaways

  • Patch known-exploited vulnerabilities in public-facing applications within days, not months; a working exploit for CVE-2017-5638 was public two months before Equifax was hit.
  • Keep an accurate inventory of where vulnerable components run; a scan that misses an instance gives false assurance.
  • Encrypt sensitive data at rest and in transit, and keep the tooling that inspects encrypted egress working (certificates expire).
  • Apply least privilege to data access: an application holding credentials to dozens of databases turns one RCE into a full-scale breach.
  • Key defense: patch Apache Struts 2 to 2.3.32 / 2.5.10.1 or later, which closes CVE-2017-5638 (later Struts CVEs still need their own updates).
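As an added example of the patch-management and inventory takeaways (this is not Equifax's or Apache's tooling), the Python below audits a file listing for struts2-core jars and flags versions inside the affected ranges published in the Struts S2-045 advisory for CVE-2017-5638. The file paths are constructed for illustration; the point is that the check works on any listing that reaches WEB-INF/lib, not just the top-level web directory.

```python
import re
from pathlib import PurePosixPath

# Affected and fixed versions per the Apache Struts S2-045 advisory for CVE-2017-5638:
# affected 2.3.5 through 2.3.31 and 2.5 through 2.5.10; fixed in 2.3.32 and 2.5.10.1.
# This audit covers that one CVE only; later Struts advisories have their own ranges.
AFFECTED_RANGES = (
    ((2, 3, 5), (2, 3, 31)),
    ((2, 5), (2, 5, 10)),
)

# Matches the artifact name Maven gives the core library, e.g. struts2-core-2.3.24.jar
STRUTS_CORE_JAR = re.compile(r"^struts2-core-(\d+(?:\.\d+)+)\.jar$")


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); tuples compare component-wise, so (2, 5, 10) < (2, 5, 10, 1)."""
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version):
    """True if a struts2-core version string falls inside an affected range."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def audit_jars(paths):
    """Map each struts2-core jar path to VULNERABLE or NOT_VULNERABLE; other files are skipped.

    Only the file name is inspected, so jars buried in WEB-INF/lib of any deployment
    directory are found as long as the listing reaches them.
    """
    findings = {}
    for path in paths:
        match = STRUTS_CORE_JAR.match(PurePosixPath(path).name)
        if not match:
            continue
        findings[path] = "VULNERABLE" if is_vulnerable(match.group(1)) else "NOT_VULNERABLE"
    return findings


# Constructed sample listing (hypothetical paths, not Equifax's); the first two entries
# are the kind a scan limited to the top-level web directory would miss.
SAMPLE_LISTING = [
    "/opt/tomcat/webapps/dispute/WEB-INF/lib/struts2-core-2.3.24.jar",
    "/opt/tomcat/webapps/legacy/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/opt/tomcat/webapps/portal/WEB-INF/lib/struts2-core-2.5.13.jar",
    "/opt/tomcat/webapps/portal/WEB-INF/lib/struts2-core-2.3.32.jar",
    "/opt/tomcat/webapps/portal/WEB-INF/lib/commons-fileupload-1.3.2.jar",
]

if __name__ == "__main__":
    for path, status in audit_jars(SAMPLE_LISTING).items():
        print(f"{status:15} {path}")
```

Feed it the output of a recursive file search (for example find / -name 'struts2-core-*.jar') from every host that serves web traffic; a version-only check is cheap enough to run daily, which is exactly the gap a missed scan left open in 2017.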


Attacker Tools

Struts Exploit
Publicly available CVE-2017-5638 exploit code, plus web shells dropped on the server for persistent access

Defense Options

Patch Apache Struts
Apply the CVE-2017-5638 fix (Struts 2.3.32 / 2.5.10.1 or later) immediately; this is the only control that removes the flaw rather than filtering around it
Web Application Firewall Rules
Deploy WAF rules that reject Content-Type (and Content-Disposition) values containing OGNL expression markers such as %{ or ${. A stopgap while patching, not a replacement: encoding tricks and later Struts CVEs can slip past signatures
Database Encryption at Rest
Encrypt stored PII. This limits exposure from stolen disks or backups, but does not stop an attacker who runs queries through an application that already holds the keys, which is what happened here
Data Loss Prevention
Monitor and alert on unusual query volumes and large outbound transfers; egress inspection must actually work on encrypted traffic, which at Equifax it did not while the inspection device's certificate was expired
Basic Perimeter Firewall
A traditional firewall without deep packet inspection would not have helped: the exploit arrives as an ordinary HTTPS request to a port that has to be open for the application to work
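The header-injection step in the Attack Flow above and the WAF option in this list turn on the same signature: an OGNL expression where a MIME type should be. The Python below is an added example, not Equifax's, Apache's or any WAF vendor's code, of the check a WAF rule or a log-review script makes on Content-Type and Content-Disposition values, including one layer of percent-encoding evasion. The request heads, paths and host name are constructed; the OGNL fragments are truncated to their recognizable markers and are not working exploits.

```python
import re
from urllib.parse import unquote

# An OGNL expression starts with %{ or ${. RFC 2046 does not allow '{' in a multipart
# boundary, so a legitimate Content-Type value never contains either marker; seeing
# one in this header is the core S2-045 signature.
OGNL_EXPR_START = re.compile(r"[%$]\{")

# Secondary indicators that tie the expression to the well-known RCE chain.
OGNL_INDICATORS = (
    "#_memberAccess",
    "#context",
    "ognl.OgnlContext",
    "java.lang.ProcessBuilder",
    "java.lang.Runtime",
    "#cmd",
)


def decode_header(value):
    """Undo up to two layers of percent-encoding so %25%7B is seen as %{ (an evasion attempt)."""
    for _ in range(2):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_ognl_injection(value):
    """True if a Content-Type or Content-Disposition value carries an OGNL expression."""
    return bool(OGNL_EXPR_START.search(decode_header(value)))


def parse_request(raw):
    """Split a raw HTTP request head into (request_line, {lowercased header name: value})."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(raw_requests):
    """Return [(request_line, verdict, matched_indicators)] for each raw request head."""
    results = []
    for raw in raw_requests:
        request_line, headers = parse_request(raw)
        raw_values = " ".join(headers.get(h, "") for h in ("content-type", "content-disposition"))
        decoded = decode_header(raw_values)
        verdict = "BLOCK" if is_ognl_injection(raw_values) else "ALLOW"
        hits = [ind for ind in OGNL_INDICATORS if ind.lower() in decoded.lower()]
        results.append((request_line, verdict, hits))
    return results


# Constructed sample request heads (not captured traffic); host and paths are hypothetical.
SAMPLE_REQUESTS = [
    # S2-045 style: OGNL in Content-Type (payload truncated, not a working exploit)
    "POST /dispute/upload.action HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: %{(#_='multipart/form-data').(#_memberAccess=...).(#cmd='id')}\r\n",
    # Legitimate multipart upload
    "POST /dispute/upload.action HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW\r\n",
    # Same attack with the markers percent-encoded to dodge a naive string match
    "POST /dispute/upload.action HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: %25%7B(%23cmd%3D'id')%7D\r\n",
    # Plain page request with no body
    "GET /dispute/index.action HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Accept: text/html\r\n",
]

if __name__ == "__main__":
    for request_line, verdict, hits in classify(SAMPLE_REQUESTS):
        print(f"{verdict:5} {request_line}  indicators={hits}")
```

The verdict rests on the expression marker alone because it is never legitimate in these headers; the indicator list is there for triage, so an analyst can tell a scanner probe from the full command-execution chain. Run the same check over web server or reverse-proxy logs that record request headers to find exploitation attempts that predate the rule.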

MITRE ATT&CK

Tactics
Initial Access, Persistence, Exfiltration
Techniques
T1190 Exploit Public-Facing Application; T1505.003 Server Software Component: Web Shell