It was reported recently that security analysts at Target Corp raised concerns that their payment card system had vulnerabilities at least 2 months before their massive data breach.
Initial tests and reviews of the new system had been done, but those alone were not sufficient to cover all potential gaps. Analysts wanted to perform additional tests on the system after receiving memos from the federal government and private security firms warning them of new malicious code specifically targeting payment systems.
In most cases, the above warning and the implementation of a new system would have been enough to convince the higher-ups that this was necessary. The only problem was the quickly approaching Black Friday holiday, the busiest retail day/weeks of the year.
To be fair, it is still not clear whether the review and testing were done prior to the breach, or even whether it was immediately clear what the security lapses were or where they existed. However, it is very evident that something needed to be done, and it may not have been given the attention that was necessary.
These new details have been assembled from interviews with former Target employees who have knowledge of the ongoing breach investigation. They show that this incident (and possibly others, like Neiman Marcus) wasn’t just a random attack but rather a focused attack on a known vulnerability.
There have also been signs over the last year that something like this was on the horizon. Last year, retailers saw an increased number of alerts from the government and private security firms, as well as a significant increase in attempted malware attacks.
Even after all of this, Target was unaware that there was malicious code on their system until they were contacted by federal investigators. They had also passed an audit in September, just 2 months before the attack, and were certified as being compliant with payment industry requirements. So what went wrong?
Apparently, hackers gained access to Target’s network via a vendor portal. Once in through the vendor portal, they were able to move laterally through the network, eventually getting to the system that handles payments. Here is where we encounter the problem. The hackers should never have been able to move from one system to another, especially not that easily.
To make matters worse, several members of Target’s cybersecurity team left the company in the months leading up to the breach. It really was a combination of several different factors, some that Target could help and some they could not, that led to this perfect storm.
Do you know what your vulnerabilities are? Don’t get caught with your name in the headlines!