Target Had Multiple Chances to Stop Breach
Late last year, US retailer Target had multiple IT failures that led to 40 million credit cards being leaked, and more than $61 million in breach-related expenditures, as well as a significant cut into their holiday profits. Businessweek has a lengthy article laying out the failures, among them:
Though the data was copied through a few hops in the US, it ultimately was traced to Russia. Analysis the binaries shows the malware itself was unsophisticated, and included a possible hacker's alias in the 'exfiltration code'.
- Despite installing FireEye's monitoring technology, security administrators disabled FireEye's option to automatically delete malware as it is detected, allowing the unclassified 'malware.binary' through.
- When Target India's team received the first critical alert from FireEye, they notified the security team at Target's Headquarters in Minneapolis Minnesota, USA, but the report was ignored or simply no action was taken on it.
- Additional critical alerts were generated, but apparently no action was taken on them.
- Symantec Endpoint Protection detected odd behavior on the same server as detected by FireEye, but this did not raise concern.
- The initial illicit access was gained by an outside vendor's stolen credentials, which should not have given as much network access as it did.
Though the data was copied through a few hops in the US, it ultimately was traced to Russia. Analysis the binaries shows the malware itself was unsophisticated, and included a possible hacker's alias in the 'exfiltration code'.