Target case
Was target considered a leader in cyber security before this event? What cyber security tools did it use? (6)
Yes It had segmentation, firewalls, malware detection software, intrusion detection software, prevention tools and plans to prevent data loss.
fireeye (what is it, what is its principle, what does it do)
advanced monitoring system for IT infrastructure. Based on prevention rather than detection. creates virtual chambers that hackers get drawn into so they can be detected.
3 groups of lawsuits target is facing (which category is biggest?)
financial institutions consumers shareholders the financial institutions (banks) are the biggest
The breach can be attributed to the human aspect of information security Impact of the human aspect at two levels
materialization of the risk (victim of phishing) implementation of the control of technology (supervision of security controls of systems used by partners, policies governing access rights, configuration of detection software, development of alarm response procedures, resistance to new technologies, infrastructure and network segregation decisions).
Would chip-card payment system have prevented the attack?
no, but it would have made it much more difficult to clone the cards, making the, less useful and less valuable.
How many credit and debit cards were affected in the breach?
10% of all cards in circulation in the U.S. or over 110 million people
How much could the breach cost target? Where do these costs come from? (
500 million to 1 billion reimbursement of banks for card reissuing communication and customer services fines for non-compliance due to vulnerability of external vendor's authentication method cost of credit monitoring for tens of millions of customers affected legal costs
exploit economics largely boils down to:
Adversary ROI = Asset value to adversary - Adversary cost. An adversary's costs include not only the resources, knowledge, and technology required for the exploit, but also the risk of getting caught.
Why do many companies continue to fail to implement IT security measures?
Because the cost of is so huge.
affect of breach on Target's executives
CIO resigned CEO was fired
Normally banks would just But because the breach was so large and the timing near Christmas, they had to find new solutions
Cancel cards and reissue new ones
How did target "learn" of breach?
Consumers call their bank in large volumes Banks detect suspicious activity and contact law enforcement investigation reveals the common denominator: a transaction at Target. The authorities notify Target
EMV
Europay, MasterCard, and Visa, the three companies that originally created the chip standard
root cause(s) of information security breach at Target (4)
First, an employee of one of Target's external vendors (Fazio) fell for a phishing email (incompetent employee). Second, Target left its server open to its POS system, allowing hackers to use their access to the payment system to install memory scraping malware on POS terminals. Third, Target had deactivated part of their software system that would have automatically stopped the malware. Fourth, Target ignored the alerts it was receiving about the breach.
Who stole the info from target?
Group of hardened cyber criminals based in Russian and Ukraine. Led by 22 year old who had already been implicated in cases of data theft.
What were five ways in which target messed up?
Ignored escalating alerts from team in Bangalore monitoring FireEye Target had additionally deactivated the security feature built into FIreEye which would automatically delete any suspicious software because they did not trust it yet. It would have been able to prevent the attack. The channel between the business server and the POS terminals and server connected to POS should NEVER be open Did not make the breach public until it absolutely had to Did not have the customer service support to handle all the concerned customers after it was made public.
6 sources of risk for IT
Incompetent employees (unaware of phishing and hacking) Rogue employees (give away information for their own gain) Hackers (phishing and social engineering) Business partners (like Fazio in Target's case) Technology partners (like if the monitors in Bangalore had not contacted target) Technology components (like how hte hackers could access the POS system from the business server)
memory scraper
Memory-scraping malware or RAM Scrapping malware is a malware that scans the memory of digital devices, notably point-of-sale (POS) systems, to collect sensitive personal information, such as credit card numbers, for the purpose of exploitation
What is the safest payment method? What does it require?
Mobile wallet (phone) NFC (Near field communication)
Where did the stolen data end up for sale?
Recastor.so
Rule shift about liability in the event of fraudulent purchases
Shifted financial liability onto the weakest link in the chain, either the retailer of the bank. The weakest link being the party that has not yet updated their equipment, software, and cards to allow the use of chip technology
two types of hacking
Social Engineering: Con games that trick employees into revealing information or performing other tasks that compromise a firm. Phishing: Cons executed using technology, in order to acquire sensitive information or trick someone into installing malicious software.
Difference between social engineering and phishing?
Social engineering attempts to trick or con individuals into providing information, while phishing techniques are cons conducted through technology.
Key take aways (4)
Target was only as strong as its weakest link Not fault of technology but the people using the technology Periodic (continuous in some cases) analysis and evaluation of all sources of vulnerability are immensely important. One may conclude that the technological control measures all performed exceptionally well
Who are the biggest losers when these incidents occur?
The customers Hassle of dealing with regular payments that a stolen card was used for as well as identity theft concerns.
How do sites like recastor.so work? (3)
They offer possibility to purchase data from single cards or batches of cards. they have good customer services and allow you to pay using bitcoin Buyers have to purchase the number and clone the card to make in-store or online purchases, before the bank or the card holder notices the suspicious activity and the card is cancelled.
How did the hacker group gain access to Target's network? (2) How was the breach conducted? (4)
They sent a phishing email to one of Target's outside vendors and obtained the firm's user and password. With this thy were able to remotely access Target's administrative server and payment system network, and somehow through this the POS terminals. (This channel between the business server and the POS terminals and server connected to POS should NEVER be open) The hackers installed malware on Target's point-of-sale terminals (cash registers that are really computers). This malware collected data bout the credit and debit cards used for purchases by customers. This type of software copies the data at the point where is is most vulnerable, when the data has to be stored raw and un-encrypted in random access memory for a few milliseconds In this case, the copied data was immediately saved onto one of target's servers, which had been hacked. The data was then saved on 3 servers outside Target.
How to prevent cyber attacks? (6)
Think like a hacker to devise an operational security model. Consider both inside out (employees, business partners, vendors) and outside in (weakness looking from an outsider view) Raise cyber security awareness by integrating information security into daily routines Awareness training to everyone who have access to confidential information Companies invite hackers to identify vulnerabilities The more you can think like a hacker, the better able you will be to protect against attacks