Lay off the marketing plugins. Equifax hit with fake Flash update.

The Equifax website is borked again, this time redirecting to a fake Flash update (arstechnica.com). This is the latest episode in the sad saga of insecurity at the embattled Atlanta-based credit reporting giant. Atlanta is known for a healthy information security ecosystem, and the Georgia Institute of Technology and Kennesaw State University both have cybersecurity programs at the undergraduate and graduate levels. If Equifax cared to hire security-minded people to work in key areas, it could.

Certainly more details of this attack will emerge, but there is “a strong case that Equifax was working with a third-party ad network or analytics provider that’s responsible for the redirects.” My advice for any website operator is to lay off the marketing plugins and JavaScript widgets that your SEO team loves so much. Every one of them runs code from someone else's servers inside your pages. Focus on your core technology and remember that attacks on your technology supply chain can lead to significant security incidents for your company.
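
A starting point for that cleanup is an inventory of what your pages actually load from other people's servers. The script below is an added example, not code from Equifax or the Ars Technica report: it lists third-party `script` and `iframe` sources in a page and flags scripts with no `integrity` attribute. The sample HTML and hostnames are constructed, and treating any host other than the page's own as third-party is an assumption.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; hostnames are placeholders, not from the incident.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.analytics.example/tag.js"></script>
<script src="//ads.example.net/widget.js" async></script>
<script src="https://cdn.example.org/lib.js" integrity="sha384-PLACEHOLDER"></script>
<iframe src="https://ads.example.net/frame.html"></iframe>
<script>var inline = 1;</script>
</head></html>"""

class ThirdPartyAudit(HTMLParser):
    """Collect script/iframe sources served from hosts other than the page's own."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = urlparse(page_url).hostname
        self.findings = defaultdict(list)  # host -> [(tag, url, has_integrity)]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src")
        if tag not in ("script", "iframe") or not src:
            return  # inline scripts and other tags have no external origin
        url = urljoin(self.page_url, src)  # resolves relative and //host URLs
        host = urlparse(url).hostname
        if host and host != self.first_party:  # assumption: exact host match only
            self.findings[host].append((tag, url, bool(a.get("integrity"))))

def audit(html, page_url):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return dict(parser.findings)

def unpinned_scripts(findings):
    # Third-party scripts without an integrity hash: the provider can change them at will.
    return sorted(url for items in findings.values()
                  for tag, url, pinned in items if tag == "script" and not pinned)

if __name__ == "__main__":
    result = audit(SAMPLE_HTML, "https://www.example.com/")
    for host, items in sorted(result.items()):
        print(f"{host}: {len(items)} resource(s)")
    print("no integrity attribute:", unpinned_scripts(result))
```

Each host in the output is a party whose compromise becomes your incident. Scripts that a tag loads at runtime will not appear in static HTML, so this is a lower bound.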