Last month we wrote about the biggest hack of sensitive personal data in history. Equifax, the financial entity that manages data for more than 820 million consumers and more than 91 million businesses around the world, suffered a global attack by an organized group called the PastHole Hacking Team, affecting customer data not only from the United States, but also Canada and the United Kingdom.
Following the recent events, it has come to light that the massive hacking attack is not the only grievance that the company has suffered. As it turns out, there was also malware on the company’s website.
Ars Technica reports that a security analyst named Randy Abrams came to the site to check his credit information when he encountered a fake Adobe Flash installer, one of those pop-ups that abound on the internet and demand that you “click here”, only to redirect you to some malicious site full of internet junk.
The subsequent analysis revealed that the “promoted” malicious software is called Adware.Eorezo and is marked as malware by only three cybersecurity solutions in the world, including Panda Security, testament to the great effort that went into hiding the code so as to cause as much damage as possible.
Now, the question is, how did attackers manage to slip past the security barriers at Equifax, a site with troves of incredibly sensitive data? Things may have turned out differently with the right security solution. Only unlimited visibility and total real-time control of advanced threats can be effective in protecting the IT infrastructure.