INFO5301 Analysing Security Incidents
According to the ZDNet special feature article, “Target informed about 110 million credit/debit-card wielding shoppers, who made purchases at one of the company’s stores during the attack, that their personal and financial information had been compromised.”
Reference:
ZDNet special feature article, “Anatomy of the Target data breach: Missed opportunities and lessons learned”
Research this security incident and answer the following questions.
3.1 What are the consequences of the incident?
Answer:
- 40 million credit and debit card numbers and 70 million records of personal information were stolen
- Credit unions had to spend over two hundred million dollars reissuing cards
- As ordered by the court, Target had to spend 18.5 million dollars on a data breach settlement for affected customers
3.2 Explain how this security incident happened.
Answer: The attackers first compromised one of Target’s third-party vendors, Fazio Mechanical, a refrigeration contractor. Citadel, a variant of the Zeus banking trojan, was installed on one of Fazio’s computers through a phishing email and captured Fazio Mechanical’s login credentials. Fazio Mechanical had access to Target’s Ariba portal (billing system). Because of poor network segmentation at Target, access to this business system allowed the attackers to reach the entire Target network, including systems holding sensitive data. The attackers then used point-of-sale malware called BlackPOS to read card details from the POS devices. The card numbers were encrypted and sent to compromised machines inside the Target network, and finally pushed out to destination sites in Miami and Brazil.
3.3 What could they have done to prevent the incident?
Answer:
- Develop effective security alerting and improve monitoring
- Enforce payment system integrity
- Control information flow with network segmentation
- Improve firewall rules and policies
- Require vendors to use appropriate anti-malware and implement MFA
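The segmentation and monitoring points above can be made concrete with a small check that compares observed network flows against a zone allow-list: a vendor-facing billing segment should never initiate connections to point-of-sale terminals, and POS terminals should only talk to payment processing, not to corporate file shares or the internet. The following is an added example written for this exercise; it is not code from the course material or from the ZDNet article. The zone names, address ranges, ports and flow records are all constructed for illustration and do not describe Target’s real network.

```python
"""Network-segmentation policy check over constructed flow records (added example)."""
import ipaddress
from typing import Iterable, List, NamedTuple, Optional, Set


class Flow(NamedTuple):
    """One observed connection: source IP, destination IP, destination port."""
    src: str
    dst: str
    dport: int


# Constructed zones (illustrative ranges, not a real network).
ZONES = {
    "vendor_portal": ipaddress.ip_network("10.10.0.0/24"),  # vendor-facing billing systems
    "corporate":     ipaddress.ip_network("10.20.0.0/16"),  # general corporate hosts
    "pos":           ipaddress.ip_network("10.30.0.0/16"),  # point-of-sale terminals
    "payment_core":  ipaddress.ip_network("10.40.0.0/24"),  # payment processing
}

# Allow-list keyed by (source zone, destination zone). The value is the set of
# permitted destination ports, or None for "any port". Any zone pair that is
# not listed is a segmentation violation. Addresses outside every defined zone
# are treated as "external".
ALLOWED = {
    ("pos", "payment_core"):       {443},       # terminals may only reach payment processing
    ("corporate", "corporate"):    None,        # ordinary internal traffic
    ("corporate", "vendor_portal"): {443},      # staff use the billing portal over HTTPS
    ("corporate", "external"):     {80, 443},   # web browsing only
    ("payment_core", "external"):  {443},       # payment processing to its upstream processor
}


def zone_of(ip: str) -> str:
    """Map an address to its zone name, or 'external' if it is in no defined zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def check_flow(flow: Flow) -> Optional[str]:
    """Return a violation message for this flow, or None if the flow is permitted."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    pair = (src_zone, dst_zone)
    if pair not in ALLOWED:
        return (f"{flow.src} ({src_zone}) -> {flow.dst} ({dst_zone}):{flow.dport} "
                f"traffic between these zones is not permitted")
    ports: Optional[Set[int]] = ALLOWED[pair]
    if ports is not None and flow.dport not in ports:
        return (f"{flow.src} ({src_zone}) -> {flow.dst} ({dst_zone}):{flow.dport} "
                f"port not in allow-list for {src_zone} -> {dst_zone}")
    return None


def check_flows(flows: Iterable[Flow]) -> List[str]:
    """Run the policy over every flow and collect the violations."""
    return [msg for msg in (check_flow(f) for f in flows) if msg is not None]


# Constructed sample flows. Two are legitimate; four break the segmentation policy
# in the ways the answer to 3.2 describes (vendor-side host reaching POS, POS
# staging data on an internal corporate host, and data leaving for external hosts).
FLOWS = [
    Flow("10.30.5.17", "10.40.0.10", 443),    # POS -> payment core: allowed
    Flow("10.20.1.5", "10.20.7.9", 445),      # corporate -> corporate share: allowed
    Flow("10.10.0.23", "10.30.5.17", 445),    # vendor portal host -> POS: violation
    Flow("10.30.5.17", "10.20.7.9", 445),     # POS -> corporate file share: violation
    Flow("10.20.7.9", "203.0.113.45", 21),    # corporate -> external FTP: port not allowed
    Flow("10.30.5.18", "198.51.100.7", 443),  # POS -> external: violation
]

if __name__ == "__main__":
    for violation in check_flows(FLOWS):
        print("VIOLATION:", violation)
```

Run as a script, it prints four violations for the six constructed flows. In practice the flow records would come from firewall or NetFlow logs, and each violation would feed the alerting pipeline that answer 3.3 calls for; the point of the example is that the allow-list is written down explicitly, so a connection from a vendor-facing segment to a POS terminal is recognised as abnormal rather than silently permitted.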
Duration: 20 min
Exercise 4:
Compare the three attacks and justify the most significant attack.
Information Security Management Page 4 of 5