by Armond Caglar - Senior Threat Specialist, TSC Advantage - Friday, 20 June 2014.
By now, every security professional in the world should know the story about Fazio Mechanical Services. The Pennsylvania-based company specializes in heating, air conditioning and refrigeration services, and numerous large companies, including Target, trusted Fazio for its HVAC expertise. Fazio’s level of security expertise, however, was another matter. Its reliance on a free version of a malware detection tool, plus its access to Target’s external billing system and online project management portals, plus a savvy attacker added up in 2013 to the fourth largest data breach of all time.
In every arena, smart enemies choose the path of least resistance. In the data security realm, that path increasingly goes through third-party vendors and subcontractors. Sophisticated, determined hackers have done their homework on the best and easiest ways to attack organizations and exfiltrate data, cause business disruption, or in the case of SCADA attacks, spark catastrophic incidents, such as failure of supply events.
Help Net Security/ full read here/ http://www.net-security.org/article.php?id=2055
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.