What Retailers Can Learn from Target Data Breach
If you’re a US shopper, there’s almost a 50% chance that your information was compromised in the Target breach. The personal and financial information of approximately 110 million people, comprising 11 GB of data, was stolen in a successful compromise during the Christmas shopping season. The attackers persisted undetected for almost 2 weeks, and the breach is attributed to a cyber criminal in Ukraine.
Anatomy of the Breach
The attacker first compromised a third-party contractor that provides HVAC services to Target. The attacker probably used Target’s contractor portal as a point of presence to penetrate the internal network and compromise an internal Windows file server. Although the publicly disclosed forensics don’t include full details, it’s likely that the attacker first compromised the Windows server and used it to find and compromise the point-of-sale (POS) systems, where the attacker installed a trojan that finds clear-text copies of credit card magnetic stripe information. The data was consolidated back on the Windows server, from which it was exfiltrated to three (3) FTP servers at regular intervals.
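The final step above, an internal server pushing data to outside FTP servers at regular intervals, is something flow logs can surface. The following is an added example, not part of the original article: it flags internal hosts whose outbound FTP sessions to one external address are evenly spaced. The log format, addresses, thresholds and function names are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# RFC 1918 ranges treated as "internal" (assumption about the monitored network).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: time, source, destination, dest port, session bytes out.
SAMPLE_FLOWS = """\
2024-01-08T01:00:04 10.1.5.20 198.51.100.7 21 52428800
2024-01-08T07:00:09 10.1.5.20 198.51.100.7 21 61865984
2024-01-08T13:00:02 10.1.5.20 198.51.100.7 21 48234496
2024-01-08T19:00:07 10.1.5.20 198.51.100.7 21 57671680
2024-01-08T09:12:40 10.1.7.33 203.0.113.9 21 2048
2024-01-08T09:47:03 10.1.7.33 203.0.113.9 21 4096
2024-01-08T16:20:55 10.1.7.33 203.0.113.9 21 1024
2024-01-08T22:05:10 10.1.7.33 203.0.113.9 21 3072
2024-01-08T10:00:00 10.1.5.20 10.1.9.4 21 1048576
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def find_periodic_ftp(flow_text, min_flows=4, max_jitter=0.1):
    """Return (src, dst, mean_interval_s, total_bytes) for internal hosts that
    push FTP traffic to an external host at near-constant intervals."""
    groups = defaultdict(list)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        if dport == "21" and is_internal(src) and not is_internal(dst):
            groups[(src, dst)].append((datetime.fromisoformat(ts), int(nbytes)))
    findings = []
    for (src, dst), flows in sorted(groups.items()):
        if len(flows) < min_flows:
            continue
        times = sorted(t for t, _ in flows)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Coefficient of variation: a low value means the transfers are clock-driven.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            findings.append((src, dst, round(mean(gaps)), sum(n for _, n in flows)))
    return findings

if __name__ == "__main__":
    for finding in find_periodic_ftp(SAMPLE_FLOWS):
        print(finding)
```

On the constructed sample only the server sending every six hours is reported; the host with irregular, small FTP sessions and the internal-to-internal transfer are not.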