Story 3FX Target Had Multiple Chances to Stop Breach

Target Had Multiple Chances to Stop Breach

by
in security on (#3FX)
story imageLate last year, US retailer Target had multiple IT failures that led to 40 million credit cards being leaked. Target lost more than $61 million in breach-related expenditures and incurred a significant decrease to holiday sales. Businessweek has a lengthy article laying out the failures, among them:
  • Despite installing FireEye's monitoring technology, security administrators disabled FireEye's option to automatically delete malware as it is detected, allowing the unclassified 'malware.binary' through.
  • When Target India's team received the first critical alert from FireEye, they notified the security team at Target's Headquarters in Minneapolis Minnesota, USA, but the report was ignored or simply no action was taken on it.
  • Additional critical alerts were generated, but apparently no action was taken on them.
  • Symantec Endpoint Protection detected odd behavior on the same server as detected by FireEye, but this did not raise concern.
  • The initial illicit access was gained by an outside vendor's stolen credentials, which should not have given as much network access as it did.
Although the data was copied through a few hops in the US, the destination was ultimately traced to Russia. Analysis of the binaries shows that the malware itself was unsophisticated and included a possible hacker's alias in the 'exfiltration code'.
Reply 1 comments

Interesting article... (Score: 2, Funny)

by norstadt@pipedot.org on 2014-03-14 17:15 (#JF)

Who would have thought that Target IT security was almost good enough to catch the hackers?