Hackers accessed Target systems using stolen vendor credentials

Stolen vendor credentials are what led to a massive malware attack on Target's point-of-sale (POS) machines, ultimately resulting in the theft of 40 million payment cards, CVV numbers and encrypted PIN codes, among troves of other information.

“We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system,” Molly Snyder, a Target spokeswoman, told SCMagazine.com in a Thursday email.

Trey Ford, global security strategist with Rapid7, told SCMagazine.com on Thursday that one of the ways the attackers may have obtained the vendor credentials is by gaining access to private emails. He said it is common for criminals to use compromised email accounts to reset passwords to other accounts.

“Deception-based attacks become easy when criminals assume your identity,” Ford said. “The Information Technology industry would be wise to focus more energy on verifying user behaviors against known patterns.”

Ford said it is important to find ways of alerting, or forcing a stronger authentication event, when a major deviation occurs.

“The major credit card brands have provided a model,” Ford said. “The frozen card due to unusual spending is actually a comforting thing.”

Eric Chiu, president and cofounder of HyTrust, told SCMagazine.com in a Thursday email that this revelation underscores the danger of the insider threat. “The bad guys are now using advanced threats to steal credentials and pose as employees, and once on the network, they look the same as good guys,” he wrote.

Access controls, role-based monitoring and data security are pivotal to securing against insider threats, according to Chiu.

When news of a massive Target breach began spreading in mid-December 2013, SCMagazine.com learned that First Data Corporation is one of the payment processors for Target. A First Data spokesperson told SCMagazine.com then that the company had no indication its systems were involved in the Target breach.
