Friday, February 7, 2014

Outsourcing, Lax Authentication, and the Target Hack

It turns out that the hackers who broke into Target's POS terminals used credentials from Target's HVAC vendor.

Fazio Mechanical, Target's HVAC vendor, had access to Target's network in order to monitor the temperatures in the stores and the health of the HVAC equipment. It is less clear why access was allowed with weak authentication, and why there was no network segmentation between the HVAC units and the POS terminals.

The only really sophisticated part of the attack was the memory-scraping software actually used in the POS terminals. The rest appears to have been a combination of standard attack methods.

One of the key user accounts used to consolidate and move data around Target's network was the "best1_user" account, which is an account name usually associated with the Performance Assurance for Microsoft Servers agent of BMC Software's Patrol product.
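The two weaknesses above (a vendor account that should have stayed in the HVAC segment, and a monitoring-agent service account used to move data) are both detectable with a simple allowlist check. The following is an added example, not code from the original post; the log format, host names, segment names and the "fazio_hvac" account are constructed assumptions, and "best1_user" is the account name the post mentions.

```python
# Added example: flag service/vendor accounts acting from hosts or toward network
# segments they are not expected to touch. Assumed log line format (constructed):
#   "<timestamp> <src_host> <src_segment> <account> <event> <dst_segment>"
from dataclasses import dataclass

# Constructed policy (assumption): the BMC Patrol agent account only acts from the
# monitoring server inside the corporate segment; the HVAC vendor account only
# acts from the HVAC gateway and stays inside the HVAC segment.
POLICY = {
    "best1_user": {"hosts": {"patrol-srv01"}, "segments": {"corp"}},
    "fazio_hvac": {"hosts": {"hvac-gw01"}, "segments": {"hvac"}},
}

@dataclass
class Alert:
    line_no: int
    account: str
    reason: str

def parse(line):
    """Split one constructed log line into its fields."""
    ts, host, src_seg, account, event, dst_seg = line.split()
    return {"ts": ts, "host": host, "src_seg": src_seg,
            "account": account, "event": event, "dst_seg": dst_seg}

def check(lines):
    """Return an Alert for every policy violation by a known account."""
    alerts = []
    for n, line in enumerate(lines, 1):
        rec = parse(line)
        rule = POLICY.get(rec["account"])
        if rule is None:          # accounts not in the policy are not judged here
            continue
        if rec["host"] not in rule["hosts"]:
            alerts.append(Alert(n, rec["account"],
                                f"activity from unexpected host {rec['host']}"))
        if rec["dst_seg"] not in rule["segments"]:
            alerts.append(Alert(n, rec["account"],
                                f"reached segment {rec['dst_seg']} outside allowed set"))
    return alerts

# Constructed sample log: lines 3 and 4 are the suspicious ones.
SAMPLE_LOG = [
    "2014-01-01T02:10:00 patrol-srv01 corp best1_user logon corp",
    "2014-01-01T02:12:00 hvac-gw01 hvac fazio_hvac logon hvac",
    "2014-01-01T03:05:00 hvac-gw01 hvac fazio_hvac smb_connect pos",
    "2014-01-01T03:07:00 pos-srv17 pos best1_user logon pos",
    "2014-01-01T03:09:00 ws-0042 corp jdoe logon corp",
]

if __name__ == "__main__":
    for a in check(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.account}: {a.reason}")
```

Line 3 produces one alert (the vendor account crossing into the POS segment) and line 4 produces two (best1_user from a POS host and inside the POS segment); the corporate user on line 5 is ignored because no policy covers that account.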

It appears that a SQL injection attack was a key part of compromising servers to place the malware and recover the stolen data.

Target has stated that it intends to invest heavily in chip card technology. This would help against "card present" attacks (i.e., attacks based on cloning a physical card), but would not do much against "card not present" attacks (where a purchase is made from a remote location using only the card data).
