Hackers accessed Target systems using stolen vendor credentials

Share this article:

Stolen vendor credentials is what led to a massive malware attack on Target's point-of-sale (POS) machines, ultimately resulting in the theft of 40 million payment cards, CVV numbers and encrypted PIN codes, among troves of other information.

“We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system,” Molly Snyder, a Target spokeswoman, told SCMagazine.com in a Thursday email.

Trey Ford, global security strategist with Rapid7, told SCMagazine.com on Thursday that one of the ways the attackers may have attained the vendor credentials is by gaining access to private emails. He said it is common for criminals to use compromised email accounts to reset passwords to other accounts.

“Deception-based attacks become easy when criminals assume your identity,” Ford said. “The Information Technology industry would be wise to focus more energy on verifying user behaviors against known patterns.”

Ford said it is important to find ways of alerting, or forcing a stronger authentication event, when a major deviation occurs.

“The major credit card brands have provided a model,” Ford said. “The frozen card due to unusual spending is actually a comforting thing.”

Eric Chiu, president and cofounder of HyTrust, told SCMagazine.com in a Thursday email that this revelation underscores the danger of the insider threat. “The bad guys are now using advanced threats to steal credentials and pose as employees, and once on the network, they look the same as good guys,” he wrote.

Access controls, role-based monitoring and data security are pivotal to securing against insider threats, according to Chiu.

When news of a massive Target breach began spreading in mid-December 2013, SCMagazine.com learned that First Data Corporation is one of the payment processors for Target. A First Data spokesperson told SCMagazine.com then that the company had no indication its systems were involved in the Target breach.

Share this article:

Sign up to our newsletters

More in News

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for ...

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Contempt order against Lavabit still stands, appeals court rules

Contempt order against Lavabit still stands, appeals court ...

A federal appeals court backed an earlier ruling penalizing the email service.