The Steps The Target Hackers Took | And How You Can Use This Knowledge to Prevent Further Attack

IBM Security Services reports that there were 1.5 million cyber attacks in the US in 2013. Data breaches are currently the greatest security risk to companies, and one successful example was the attack on the retailer Target. Thor Olavsrud of IT World reported on an investigation by the leading research company Aorato into the hacking incident that afflicted Target.

The incident led to the theft of personally identifiable information (PII) and of credit and debit card data seized from the point-of-sale system. The US Department of Homeland Security and the US Secret Service have reported that the hackers currently have possession of widespread data that they continue to sell.

The hackers obtained the PII of 70 million customers by first penetrating Target’s system using stolen data from the HVAC vendor. An email phishing technique obtained data and provided access to Target’s web services. Vulnerabilities that existed within Target’s web applications allowed the hackers to upload a PHP file and execute commands. The attackers made little attempt to disguise their files. Their intent was to sell credit cards on the black market, and the window of opportunity was small before the attackers would be discovered by credit card companies. The attackers located the servers that hosted credit card information. Using IP addresses, Domain Admin privileges, and the creation of a new Domain Admin account, the attackers obtained password control. The attackers bypassed firewalls and ran processes remotely on targeted servers.

Aorato’s lead researcher, Be’ery, stated that monitoring user lists and access patterns is a simple step that can alert companies to hacking activity. The payment card industry compliance employed by the Target system is estimated to have prevented the attackers from stealing an additional 30 million credit cards.

To protect organizations from attackers, Be’ery recommends monitoring access patterns to identify any abnormalities, limiting user privileges, and monitoring user lists and information-gathering activity. Reliance on anti-malware solutions is not sufficient because attackers use legitimate IT tools. Security and monitoring of the Active Directory is required because it is typically accessed in an attack. Finally, IT staff should participate in information sharing groups that can provide intelligence concerning attackers’ current techniques.
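One way to act on the "monitor user lists" advice, given that the attackers created a new Domain Admin account: the Python check below is an added example, not taken from Aorato's report or the original article. It assumes Windows Security events 4720 (user account created) and 4728 (member added to a global security group) have already been exported as dictionaries; the baseline SID, account names and timestamps are constructed.

```python
from datetime import datetime, timedelta

PRIVILEGED_GROUPS = {"Domain Admins"}
BASELINE_ADMIN_SIDS = {"S-1-5-21-1-2-3-1001"}   # constructed baseline of approved admins
NEW_ACCOUNT_WINDOW = timedelta(hours=24)        # assumed threshold for a "fresh" account

# Constructed events modelled on Windows Security log IDs 4720 and 4728.
SAMPLE_EVENTS = [
    {"TimeCreated": "2024-01-10T08:00:00", "EventID": 4728, "TargetUserName": "Domain Admins",
     "MemberSid": "S-1-5-21-1-2-3-1001", "SubjectUserName": "it-lead"},
    {"TimeCreated": "2024-01-12T02:14:00", "EventID": 4720, "TargetUserName": "svc_backup2",
     "TargetSid": "S-1-5-21-1-2-3-4107", "SubjectUserName": "websrv-admin"},
    {"TimeCreated": "2024-01-12T02:16:30", "EventID": 4728, "TargetUserName": "Domain Admins",
     "MemberSid": "S-1-5-21-1-2-3-4107", "SubjectUserName": "websrv-admin"},
    {"TimeCreated": "2024-01-12T03:00:00", "EventID": 4728, "TargetUserName": "Helpdesk",
     "MemberSid": "S-1-5-21-1-2-3-2200", "SubjectUserName": "it-lead"},
]

def find_privileged_additions(events):
    """Flag additions to privileged groups that fall outside the approved baseline."""
    created = {}    # SID -> (creation time, account name), learned from 4720 events
    findings = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        when = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == 4720:
            created[ev["TargetSid"]] = (when, ev["TargetUserName"])
        elif ev["EventID"] == 4728 and ev["TargetUserName"] in PRIVILEGED_GROUPS:
            sid = ev["MemberSid"]
            if sid in BASELINE_ADMIN_SIDS:
                continue    # expected member, nothing to report
            reasons = ["member not in approved baseline"]
            born = created.get(sid)
            if born and when - born[0] <= NEW_ACCOUNT_WINDOW:
                # A brand-new account promoted straight to admin is the stronger signal.
                reasons.append("account created %d s before being granted admin"
                               % (when - born[0]).total_seconds())
            findings.append({"sid": sid, "account": born[1] if born else None,
                             "group": ev["TargetUserName"],
                             "added_by": ev["SubjectUserName"],
                             "time": ev["TimeCreated"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_privileged_additions(SAMPLE_EVENTS):
        print(finding)
```
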
