
GROUP 9 | ISM

CYBER BREACH AT TARGET
Group Members:
1. Pranita Naskar - 2019IPM087
2. Jasneet Kaur-2022PGP589
3. Sayed Firoz Ahmad- 2022PGP346
4. Pushkaran M- 2022PGP301
5. Vishal Das - 2022PGP580

7TH NOVEMBER 2022 GROUP 9 | SECTION-C


COMPANY OVERVIEW
George Dayton established a Minneapolis department store in 1902, followed by a discount store in 1909. Target was opened in 1962 by The Dayton Company. It differentiated itself from its competitors in the following ways:

Quality goods, low prices
Trendy merchandise at discount prices
Supermarket discounts

It embodied the slogan "Pay Less, Expect More". For FY13, Target's revenues were over $72 billion, a CAGR of 2.8%. It operated 1797 stores in the US and 122 in Canada. Every Target store carried 80,000 SKUs, and the company donated 5% of its profits ($4 million/week).



TECHNICAL ANGLE OF THE BREACH
TECHNOLOGIES USED BY TARGET AND ITS SHORTCOMINGS

Fazio Mechanical Services, Target's ventilation vendor, used "Malwarebytes Anti-Malware", which was prohibited for corporate use. Fazio's credentials were stolen.
Using Fazio's credentials, the hackers accessed Target's electronic billing and project management networks.
There was a route between Fazio's access and Target's payment data network, and no two-factor authentication was in place to prevent it.
The hackers installed a RAM-scraping malware called Citadel in Target's POS systems, collected encrypted payment data, and stored the data in Target's own systems by creating proxy/dummy servers.
Target had received PCI DSS compliance certification from Trustwave Holdings, whose other customers also suffered security breaches.



RAM-SCRAPING MALWARE

Memory-scraping malware targets otherwise encrypted data at the moment it is present in a computer system's memory in plain-text form.
The RAM-scraping malware intercepts the data when its code sees 16 characters ending with 0 or special characters, which was the case for credit card data.
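The same digit-run heuristic described above is what a defender's own audit applies when checking that cardholder data never sits in clear text in logs or memory dumps. The following Python is an added example, not from the original slides: it scans a constructed sample buffer (the names SAMPLE_BUFFER, find_pans and mask_pan are assumptions) for PAN-like digit runs, keeps only those passing the Luhn mod-10 check, and reports them masked to the first six and last four digits.

```python
import re
from typing import List

# Constructed sample: a pretend process-memory / log fragment. The first number
# is a Luhn-valid, well-known test PAN; the second is 16 digits but Luhn-invalid;
# the third is a 10-digit phone-like string. None belongs to a real cardholder.
SAMPLE_BUFFER = (
    b"POS txn 0451 ok;B4111111111111111^DOE/J^2512101...?;"
    b"next 4111111111111112;phone 5551234567;end\x00"
)

# PAN candidates: 13-19 digits, optionally separated by single spaces or dashes,
# not adjacent to further digits on either side.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the first 6 and last 4 digits, masking the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(buf: bytes) -> List[str]:
    """Scan a buffer for Luhn-valid PAN-like sequences; return them masked."""
    found = []
    for m in PAN_RE.finditer(buf):
        digits = re.sub(rb"[ -]", b"", m.group(0)).decode("ascii")
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(mask_pan(digits))
    return found


if __name__ == "__main__":
    # Expected: only the Luhn-valid test PAN, masked as 411111******1111
    print(find_pans(SAMPLE_BUFFER))
```

A clean result on a real memory dump or log sample is the evidence that point-to-point encryption or tokenization is keeping PANs out of the POS process memory the malware scraped.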

DATA STOLEN BY THE HACKERS

40 million users' credit card data were stolen.
PIN information was also stolen.
Around 110 million users' personal information, such as name, email address and mobile number, was taken.
Security numbers were also stolen for the users of Target's flagship credit card product, REDcard.
IMPLICATIONS OF THE DATA BREACH
THE DATA BREACH LED TO LOSSES FOR THE COMPANY AND ITS SHAREHOLDERS.

Loss of the firm's reputation and decline in brand value.
Loss of revenue: Target had to offer a 10% discount to draw customers back to its stores.
Exposure to government enforcement actions and private litigation: the firm faced lawsuits from 81 consumers, 28 banks and 4 shareholders.
Costs incurred in making several settlements, fines imposed and litigation expenses.
Settlements to cover the consumers' losses.
Increased cost of capital due to a ratings downgrade.
Loss of existing customers' trust.



COMPETITORS



REASON OF ATTACK
(Phases mapped to the cyber kill chain: reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions and objectives.)

Phase 1 (Reconnaissance): Attackers sent emails with malware to Fazio (an external vendor), which helped them tap into Target's database.
Phase 2 (Weaponization): Through email attachments such as PDFs, the hackers weaponized their malware; Fazio's anti-malware was outdated.
Phase 3 (Delivery): The attackers began phishing attacks, hacked into Target's system using Fazio's password, and uploaded RAM-scraping malware onto each POS to extract data from the POS terminals.
Phase 4 (Exploitation): The RAM malware started scraping the data of millions of customers.
Phase 5 (Installation): Hackers used Fazio's system to breach the Target network further. Target's anti-malware system was not looked into because it was giving a "malware.binary" flag.
Phase 6 (Command and Control): Attackers gained remote access to Target's database and started transferring data from Target's network to their own.
Phase 7 (Actions and Objectives): In the last phase, the hackers extracted the data to servers in Russia.
HOW TARGET COULD HAVE AVOIDED THE BREACH?

Target should have deleted any unneeded default account from their network to prevent any attacks.
Cross-checking external vendors' technology capability.
Target should have paid attention to alerts sent by the FireEye software, or it could have automatically removed the malware.
Target should have created a security wall where unneeded access unrelated to the vendor domain should have been blocked.
Target could have installed and updated high-quality anti-malware software which would automatically remove such unauthorised access.
For third-party vendors, two-factor authentication would have made only genuine users enter the network of Target.
