The document discusses a cyber breach that occurred at Target in 2013. Hackers were able to access Target's systems through credentials of an HVAC vendor called Fazio that Target had hired. The hackers installed malware on Target's point-of-sale systems that was able to scrape payment card data from the systems' memory. In total, over 40 million customers' payment card details and 110 million customers' personal information were stolen. The breach led to significant financial and reputational costs for Target. It also discusses security measures Target could have taken to prevent the breach, such as better access controls between systems and use of multi-factor authentication.
CYBER BREACH AT TARGET
Group Members:
1. Pranita Naskar - 2019IPM087
2. Jasneet Kaur - 2022PGP589
3. Sayed Firoz Ahmad - 2022PGP346
4. Pushkaran M - 2022PGP301
5. Vishal Das - 2022PGP580
7TH NOVEMBER 2022 GROUP 9 | SECTION-C
COMPANY OVERVIEW
George Dayton established a Minneapolis Department Store in 1902, followed by a discount store in 1909. Target was opened in 1962 by The Dayton Company. It differentiated itself from its competitors in the following ways:
Quality Goods, Low Prices
Trendy Merchandise at Discount Prices
Supermarket Discounts
It embodied the slogan "Pay Less, Expect More". For FY13, Target's revenues were over $72 billion, with a CAGR of 2.8%. It operated 1797 stores in the US and 122 in Canada. Every Target store had 80,000 SKUs, and Target donated 5% of its profits ($4 million/week).
TECHNICAL ANGLE OF THE BREACH
TECHNOLOGIES USED BY TARGET AND ITS SHORTCOMINGS
Fazio Mechanical Services, the ventilation vendor for Target, used "Malwarebytes Anti-Malware", which was prohibited for corporate use. Their credentials were hacked.
Using Fazio's credentials, hackers accessed Target's electronic billing and project management networks.
There was a route between Fazio and Target's payment data network, and there was no two-factor authentication to prevent it.
Hackers installed a RAM-scraping malware called Citadel on Target's POS systems, collected encrypted payment data, and stored the data in Target's systems by creating proxy/dummy servers.
Target was certified compliant with PCI DSS standards by Trustwave Holdings, whose other customers also faced security breach issues.
RAM-SCRAPING MALWARE
Memory-scraping malware targets the encrypted data present in a computer system's memory in text format. RAM-scraping malware intercepts the data when the code sees 16 characters ending with 0 or special characters, which was the case in credit card data.
DATA STOLEN BY THE HACKERS
40 million users' credit card data was hacked.
PIN information was also hacked.
Around 110 million users' personal information such as name, email address, and mobile numbers.
Security numbers were also hacked for the users that used Target's flagship credit card product REDcard.

IMPLICATIONS OF DATA BREACH
DATA BREACH LED TO LOSS TO COMPANY & ITS SHAREHOLDERS.
Loss of the firm's reputation and decline in brand value.
Loss of revenue; had to offer a 10% discount to draw customers back to the store.
Exposure to government enforcement actions and private litigation.
The firm faced lawsuits from 81 consumers, 28 banks and 4 shareholders.
Costs incurred in making several settlements, fines imposed and litigation expenses.
Settlements to cover the consumer losses.
Increased cost of capital due to ratings downgrade.
Lost existing customers' trust.
COMPETITORS
REASON OF ATTACK
First phase (Reconnaissance): Attackers sent emails with malware to Fazio (external vendor), which helped to tap into Target's database.
Second phase (Weaponization): Through email attachments like PDFs the hackers mechanised their malware, and Fazio's anti-malware was outdated.
Third phase (Delivery): The attackers began phishing attacks, hacked into Target's system using Fazio's password, and uploaded RAM-scraping malware to each POS to extract data from POS terminals.
Fourth phase (Exploitation): The RAM malware started scraping the data of millions of customers.
Fifth phase (Installation): Hackers used Fazio's system to further breach Target's network, and Target's anti-malware system was not looked into because it was giving a "malware.binary" flag.
Sixth phase (Command and Control): Attackers gained remote access to Target's database and started transferring data from Target's network to theirs.
Last phase (Actions and Objectives): Hackers extracted the data to servers in Russia.

HOW TARGET COULD HAVE AVOIDED THE BREACH?
Target should have deleted any unneeded default accounts from their network to prevent any attacks.
Cross-checking external vendors' technology capability.
Target should have paid attention to alerts sent by FireEye software, or it could have automatically removed the malware.
Target should have created a security wall where unneeded access unrelated to the vendor domain should have been blocked.
Target could have installed and updated high-quality anti-malware software, which would automatically remove such unauthorised access.
For third-party vendors, two-factor authentication would have made only genuine users enter the network of Target.
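
The route from the vendor to the payment data network noted in the technical section, and the "security wall" proposed above, can be checked mechanically: treat firewall allow rules as a graph and look for any path from a vendor-facing zone to a zone that vendors have no business reaching. This is an added example, not part of the original slides; the zone names, rules and policy are hypothetical and constructed for illustration, not Target's real network layout.

```python
from collections import deque

# Constructed sample: zone-to-zone allow rules (source zone, destination zone, service).
ALLOW_RULES = [
    ("vendor_portal", "billing", "https"),
    ("vendor_portal", "project_mgmt", "https"),
    ("billing", "corp_servers", "smb"),
    ("corp_servers", "pos_network", "smb"),
    ("corp_servers", "internet", "ftp"),
    ("hr", "corp_servers", "https"),
]

# Policy (assumed): zones each untrusted entry zone may reach, directly or indirectly.
POLICY = {"vendor_portal": {"billing", "project_mgmt"}}


def reachable_paths(rules, start):
    """Breadth-first search over allow rules; returns {zone: shortest path from start}."""
    graph = {}
    for src, dst, _service in rules:
        graph.setdefault(src, []).append(dst)
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in graph.get(zone, []):
            if nxt not in paths:
                paths[nxt] = paths[zone] + [nxt]
                queue.append(nxt)
    return paths


def segmentation_violations(rules, policy):
    """Return {(entry_zone, reached_zone): path} for every reachable zone outside policy."""
    violations = {}
    for entry, allowed in policy.items():
        for zone, path in reachable_paths(rules, entry).items():
            if zone != entry and zone not in allowed:
                violations[(entry, zone)] = path
    return violations


if __name__ == "__main__":
    for (entry, zone), path in sorted(segmentation_violations(ALLOW_RULES, POLICY).items()):
        print(f"{entry} can reach {zone}: {' -> '.join(path)}")
```

No single rule here connects the vendor portal to the POS network; the exposure only appears when rules are chained, which is why the check follows paths rather than inspecting rules one at a time.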