Question:
Why did the attackers spear-phish a contractor to Target?
On December 18, 2013, Target Corporation announced that it had lost 40 million credit and debit card numbers to attackers.
Less than a month later Target announced an additional 70 million customer accounts were stolen that included names, emails, addresses, phone numbers, and so on.
After accounting for some overlap between the two data losses, it turns out that about 98 million customers were affected.22
That’s 31 percent of all 318 million people in the United States (including children and those without credit cards). This was one of the largest data breaches in U.S. history.
These records were stolen from point-of-sale (POS) systems at Target retail stores during the holiday shopping season (November 27 to December 15, 2013). If you were shopping at a Target during this time, it’s likely your data was lost. Below is a short summary of how attackers got away with that much data.
How Did They Do It?
The attackers first used spear-phishing to infect a Target third-party vendor named Fazio Mechanical Services (refrigeration and HVAC services).23 Attackers placed a piece of malware called Citadel to gather keystrokes, login credentials, and screenshots from Fazio users.24 The attackers then used the stolen login credentials from Fazio to access a vendor portal (server) on Target’s network. The attackers escalated privileges on that server and gained access to Target’s internal network.
Once in, the attackers compromised an internal Windows file server. From this server the attackers used malware named Trojan.POSRAM (a variant of BlackPOS) to extract information from POS terminals. BlackPOS was developed by a 17-year-old from St. Petersburg, Russia, and can be purchased from underground sites for about $2,000.
Step by Step Answer: