Equifax, one of the largest credit reporting services in the U.S. disclosed a compromise of individuals credit reporting profiles, which included social security numbers, birth dates and more. The information disclosed on 143 Million plus individuals, if used maliciously, could result in lines of credit being opened fraudulently, plus many other financial crimes against impacted victims. Equifax reported that they brought in a cyber security firm, yet there own website, Equifax.com, still is not correctly using available security encryption technology to fully secure the Equifax.com domain against rogue DNS attacks, whereby an attacker can inject themselves in between an end user and the website. Allegedly, they hired Mandiant’s service firm fireeye.com. A quick check on that domain shows that firm too isn’t using DNSSEC correctly to protect their website from DNS attacks. http://dnsviz.net/d/fireeye.com/analyze/
This type of attack, known as a Man in the Middle Attack (“MITM”) can be thwarted by companies who correctly deploy DNSSEC to protect their end users. A recent report generated today shows that Equifax.com has not yet properly secured their certificate with DNSSEC from the root .com domain downward.
I wrote a post previously that explains DNSSEC in more detail and why it is important. If anyone knows someone at Equifax, please pass this along to them. They or others may need my help fixing this problem!
I encourage anyone reading this to test your own organization and any organization you do business with.
NIST has some excellent resources that discusses how best to secure email and webservers. Everyone should be paying attention to this, especially financial service providers!