Report Examines Unanswered Questions Around Target Attack

  • 28 August 2014

By Eduard Kovacs on August 28, 2014
Cybersecurity startup Aorato has published a report around the data breach suffered in 2013 by Target, which investigates some of the techniques used by the attackers to gain access to the company's networks.
The attack, which resulted in the theft of 40 million payment cards and 70 million personally identifiable information records, caused financial damage of tens of millions of dollars. In a statement made earlier in August, Target reported that, in the second quarter of 2014, it expects to record gross breach-related expenses of $148 million (partially offset by the recognition of a $38 million insurance receivable).
Since the breach came to light, all aspects of the story have been analyzed by the media and security experts, and now, based on publicly available information, Aorato has reviewed the steps taken by the attackers, from the HVAC (heating, ventilation, and air conditioning) contractor breach up to the theft of sensitive information from the retailer's networks.
In the first phase of the operation, the attackers installed malware (Citadel) on the systems of Target's HVAC contractor in an effort to steal credentials. Then, the stolen credentials were used to access one of the Web applications made available by the retailer for vendors. However, none of these applications the attackers had access to allowed the arbitrary command execution needed to compromise the underlying server. Experts believe that the cybercriminals leveraged a vulnerability in the application to upload a backdoor that enabled them to upload files and execute commands.
 
Full article at SecurityWeek: http://www.securityweek.com/report-examines-unanswered-questions-around-target-attack

That is some interesting new info on the event. This is turning out to be like something from a movie, like Ocean's 11.
Ocean's 11, great movie with top stars... being a movie buff I had to reply on this one :-)
