Teri Radichel

The Target Breach

Analysis of the Target Breach — what happened and how it may have been prevented by Teri Radichel

One of the first papers I wrote on cybersecurity was an analysis of the Target Breach for SANS Institute. It was a very interesting breach because the attackers used many different methods to infiltrate a deployment system and automatically deploy malware to point of sale (POS) machines during the holiday season.

This breach turned out to be one of the largest retail breaches in history and one of the first cases in which a substantial amount of detail was available to understand what happened and how the attackers carried out the attack.

And no, the attackers did not infiltrate HVAC systems. They got malware onto a system of a Target vendor that provided HVAC services and broke into the vendor management portal. This tactic is one of the reasons I tell clients they should allow me to test internal access to web applications, not just external access, on penetration tests. What can attackers do if credentials are stolen? It matters.

From there, they used a number of different methods to bypass security controls and traverse the network to reach their target — including ICMP (ping) tunnels, which I found incredibly interesting.

You can read the whole paper here:

https://sansorg.egnyte.com/dl/g5ykEMZpIk/

Note that in this paper I repeated things I learned in security classes of which I have a much different opinion now — such as measuring risk. Measuring risk is one of the topics in my book at the bottom of this post and automated risk management is part of the reason I’m writing this blog series on automating cybersecurity metrics.

Why did I write about the Target Breach in the first place? Because I, myself, was the victim of a data breach in the past while running an e-commerce company. It kind of made me obsessed with how it happened and how to stop it in the future. And that led me to cybersecurity and this blog.

I continue to write about data breaches and how you can prevent one at your organization on this blog.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab