Stolen vendor credentials is what led to a massive malware attack on Target’s point-of-sale (POS) machines, ultimately resulting in the theft of 40 million payment cards, CVV numbers and encrypted PIN codes, among troves of other information.
“We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials which were used to access our system,” Molly Snyder, a Target spokeswoman, told SCMagazine.com in a Thursday email.
Trey Ford, global security strategist with Rapid7, told SCMagazine.com on Thursday that one of the ways the attackers may have attained the vendor credentials is by gaining access to private emails. He said it is common for criminals to use compromised email accounts to reset passwords to other accounts.
“Deception-based attacks become easy when criminals assume your identity,” Ford said. “The Information Technology industry would be wise to focus more energy on verifying user behaviors against known patterns.”
Ford said it is important to find ways of alerting, or forcing a stronger authentication event, when a major deviation occurs.
“The major credit card brands have provided a model,” Ford said. “The frozen card due to unusual spending is actually a comforting thing.”
Eric Chiu, president and cofounder of HyTrust, told SCMagazine.com in a Thursday email that this revelation underscores the danger of the insider threat. “The bad guys are now using advanced threats to steal credentials and pose as employees, and once on the network, they look the same as good guys,” he wrote.
Access controls, role-based monitoring and data security are pivotal to securing against insider threats, according to Chiu.
When news of a massive Target breach began spreading in mid-December 2013, SCMagazine.com learned that First Data Corporation is one of the payment processors for Target. A First Data spokesperson told SCMagazine.com then that the company had no indication its systems were involved in the Target breach.