Story 2014-03-14 3FX Target Had Multiple Chances to Stop Breach

Late last year, US retailer Target had multiple IT failures that led to 40 million credit cards being leaked. Target lost more than $61 million in breach-related expenditures and incurred a significant decrease in holiday sales. Businessweek has a lengthy article laying out the failures, among them:
  • Despite installing FireEye's monitoring technology, security administrators disabled FireEye's option to automatically delete malware as it is detected, allowing the unclassified 'malware.binary' through.
  • When Target India's team received the first critical alert from FireEye, they notified the security team at Target's headquarters in Minneapolis, Minnesota, USA, but the report was ignored or simply no action was taken on it.
  • Additional critical alerts were generated, but apparently no action was taken on them.
  • Symantec Endpoint Protection detected odd behavior on the same server that FireEye had flagged, but this did not raise concern.
  • The initial illicit access was gained using an outside vendor's stolen credentials, which should not have granted as much network access as they did.
Although the data was copied through a few hops in the US, the destination was ultimately traced to Russia. Analysis of the binaries shows that the malware itself was unsophisticated and included a possible hacker's alias in the 'exfiltration code'.