Equifax Can’t Stay Out Of The News
It has been just over a month since Equifax notified the public of its devastatingly large data breach of a now-estimated 145.5 million accounts, and it looks like Equifax is still having difficulty securing its website. Early this morning, Ars Technica reported that the official Equifax website was potentially compromised once again; this time, the discovery was made by a security analyst named Randy Abrams.
No additional data has been stolen, so far as we know; instead, users are being redirected to a different domain that displays a fake Adobe Flash update (pictured below). Interacting with the displayed content then leads to adware being installed on the user’s computer. Note: it was also reported that only 3 of 65 antivirus products detected the adware (Panda, Symantec, and Webroot).
Know How To Protect Yourself From Fake Updates
Equifax is well aware of the issue and has temporarily shut down the associated customer help web pages in response to this compromise. This attack, however, gives us an opportunity to learn from this adware distribution tactic. A few items to note:
- Be wary of unprompted redirects to other web pages, even (and especially) when they originate from an advertisement.
- Go to the source. Fake updates are not an uncommon method of spreading malware. If you are uncertain whether an update of this type is legitimate, the safest way to protect yourself is to simply go to the Adobe website and check for a new update.
- Know how to get out of the situation safely. If you are redirected to a page like the one shown above, do not interact with it directly, because you may be putting yourself at risk. Either back out of that webpage or close it altogether (example below: green circles are OK; avoid the areas circled in red, and do not click on anything relating to the popup or the website). Additionally, if you are dealing with a simple popup, holding down ALT and pressing F4 on your keyboard will close the popup with no need for further interaction.
All in all, we know very little so far about how this happened. There is speculation that this attack may have originated from an advertisement, or it could have been the result of another compromise of the Equifax website. More information is sure to come; in the meantime, stay safe, and watch what you click.
Written by: Cole Ponto
Information Security Consultant - SBS CyberSecurity