Understanding Third-Party Attacks and the Target Data Breach
Explore the concept of third-party attacks, types of attacks like malware and phishing, and delve into the notorious Target data breach of 2013 where 40 million credit and debit card numbers were stolen due to network vulnerabilities and lack of proper security measures.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Third-Party Attacks MATTHEW COOK
Third-Party Attacks A broad definition to include the method a person might take to infiltrate a company s digital security measures in an effort to: Obtain sensitive data Prove a point Revenge
Types of Third-Party Attacks External Vendors Malware DDoS Exploitation Spoofing Phishing
The Attack on Target What happened? Between Nov 27th and Dec 15th 2013, 40 million credit and debit card numbers were stolen. How did it happen? Criminals obtained a network username and password from a contracting HVAC company. The credentials were used to install malware onto an approximate number of 40,000 machines across Target stores. Criminal Benefit? $27 on average, $135 at most on the black market. Potentially received $53.7 million in total.
What Went Wrong? Target has been criticized for several things. One to note, is the lack of segregation of activity on their networks. Target failed to separate POS transactions from other network activity. The credentials to their network were not maintained in a secure fashion. Maybe a multi-factor authentication procedure for vendors would have eliminated this particular vendor from being exploited. The alarms initiated by FireEye were overlooked and not investigated. Target s GRC procedures might have had, or continue to have, a flaw.
Resources Bank Info Security Target Breach: What Happened? http://www.bankinfosecurity.com/target-breach-what-happened-a-6312/op-1 Bloomberg Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It http://www.bloomberg.com/bw/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data Business Insider Here What Happened to Your Target Data That Was Hacked http://www.businessinsider.com/heres-what-happened-to-your-target-data-that-was-hacked-2014-10 Computer World Target breach happened because of a basic network segmentation error http://www.computerworld.com/article/2487425/cybercrime-hacking/target-breach-happened-because-of-a-basic-network-segmentation-error.html Target, Corporation a message from CEO Gregg Steinhafel about Target s payment card issues https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca
