
    3 Critical Insights of the Target Breach – and 3 Key Takeaways

    By BUFFERZONE Team, 13/10/2015

    KrebsOnSecurity has obtained an internal report commissioned by Target that investigated the giant retailer’s headline-grabbing data breach in 2013 — and the findings so far are a chilling, cautionary tale for all Infosec professionals tasked with keeping their organization’s data safe.

    The report, which was prepared by security experts at Verizon and has been under wraps at Target since March 2014, revealed three critical insights into a breach that ultimately allowed hackers to steal data from 40 million payment cards, has cost an estimated $191 million – and counting – and is widely speculated to be the core reason behind Target’s former CEO, President and Chairman stepping down.

    Three Key Insights

    The first critical insight was that hackers didn’t breach Target’s Point-of-Sale (PoS) systems directly. Rather, they entered via the corporate network, which they penetrated by using VPN credentials that were stolen from a small heating and air conditioning vendor.

    The second critical insight is that Target’s end users weren’t following the company’s password policy — verifying, yet again, that end users are invariably the weakest link in any network security system. For example, Verizon’s researchers located a file with network credentials on multiple servers, and end users were routinely using default or weak passwords. In fact, within a week on the job, Verizon’s experts were able to hack 472,308 of Target’s 547,470 passwords — a whopping 86 percent — and access multiple internal networks.

    The third critical insight – and the one that is triggering the most shockwaves and is likely going to dog Target for years as they grapple with multiple lawsuits – is that once hackers breached the network, there was nothing to stop them from accessing all PoS systems and cash registers in every Target store. In other words, there was no “air gap” between internal and external networks, and once inside, hackers essentially had a free hand.

    In the months ahead, we’ll surely learn more about the Target breach (and others, like this new payment card breach campaign involving Hilton Hotel and franchise properties in the US). Some of these findings will be of the eye-opening variety, while others will be more of a confirmation of what is widely speculated or suspected.

    Three Key Takeaways

    However, we don’t have to wait years for the Target story to finally end before we identify three key takeaways that are directly relevant to Infosec professionals:

    1. As noted above, the tally for the Target breach is approaching $200 million – and will likely exceed this when the dust settles years from now. Without question, it is FAR less costly in every way to stop a breach before it unfolds than to try to detect it afterwards. As such, network security strategy has to be largely characterized by – if not dominated by – prevention-based approaches.
    2. Endpoints are both the largest area of the attack surface and the most vulnerable. This unfortunate combination (unless one is a hacker) means that protecting endpoints cannot be an afterthought or a mere piece of a comprehensive network security system. It has to be a core component, if not the centerpiece.
    3. As we have written about here, deploying a physical air gap architecture is cost-prohibitive for many businesses, as well as inefficient for end users. However, businesses can leverage a technology-led air gap by installing virtual containers on their endpoints, which effectively prevents threats from infecting endpoints and migrating to the network, or spreading laterally to other endpoints.

    The Bottom Line

    The Target breach and the many other breaches that we know about – and those that we’ll find out about in the weeks and months ahead! – aren’t just learning opportunities for Infosec professionals. Ironically, they’re also playbooks for hackers who are analyzing campaigns and responses to see what works, and what doesn’t.

    Applying the three takeaways noted above helps keep businesses a step ahead of the bad guys. And on today’s increasingly worsening threat landscape, a step ahead is the ONLY position that organizations can afford to be in. Just ask Target, which has 200 million reasons (…and counting…) to agree.