CSTI
    breachThe Commercial Era (2010-2019) Daily Briefing Landmark Event

    Cybersecurity Briefing: Fallout from Equifax Breach & Bad Rabbit Malware

    Tuesday, October 31, 2017

    Today, October 31, 2017, the cybersecurity landscape is shaped by the continuing fallout from the massive Equifax data breach and the emergence of new malware threats like Bad Rabbit.

    1. Equifax Data Breach Continues to Dominate Discussions In a disclosure published earlier today, discussions intensify around the Equifax data breach, which has affected approximately 147.9 million individuals. This incident stems from an unpatched vulnerability in Apache Struts (CVE-2017-5638). Despite the vulnerability being publicly disclosed and a patch available since March 2017, Equifax failed to apply the necessary updates, allowing attackers to exfiltrate sensitive data, including Social Security numbers and financial information, over several months. This breach has sparked significant scrutiny over Equifax's cybersecurity practices and raised questions about the adequacy of their data protection measures. The implications of this breach extend beyond individual privacy, as it has prompted calls for stricter regulations and improved cybersecurity hygiene across the industry.

    2. Rise of Bad Rabbit Malware Overnight, security analysts reported on a new strain of malware named "Bad Rabbit," which primarily targets systems in Russia and Ukraine. Similar to previous incidents like WannaCry and NotPetya, Bad Rabbit demonstrates the ongoing vulnerabilities within critical infrastructure and the urgent need for robust cybersecurity defenses. The malware employs a ransomware model, encrypting files and demanding a ransom for decryption, thereby interrupting business operations and posing threats to organizational integrity. The rapid spread of Bad Rabbit emphasizes the necessity for organizations to implement comprehensive security measures and enhance their response capabilities against emerging threats.

    3. National Cyber Security Awareness Month This month is designated as National Cyber Security Awareness Month (NCSAM), a campaign aimed at promoting cybersecurity awareness among individuals and organizations alike. As we conclude October, the emphasis on cybersecurity education and awareness is more crucial than ever, especially in light of the Equifax breach and the emergence of sophisticated malware like Bad Rabbit. NCSAM serves as a reminder of the importance of proactive cybersecurity measures, including timely software updates and awareness training to mitigate risks.

    Conclusion In summary, the events of today highlight significant challenges in the cybersecurity realm. The Equifax breach underscores the peril of neglecting patch management and the dire consequences that can ensue, while the rise of Bad Rabbit malware illustrates the ever-evolving threat landscape. Together, these incidents reinforce the critical necessity for organizations to prioritize cybersecurity hygiene and prepare for increasingly sophisticated attacks.

    Sources

    Equifax Bad Rabbit CVE-2017-5638 malware cybersecurity awareness