Security researcher Brian Krebs, who broke the Target story back in December, continues to be one of the best sources of the continuing story. He recently posted a report from the FBI that warns us to expect more breaches involving the BlackPOS exploit that has affected checkout operations at Target, Neiman-Marcus, and Michaels stores.
It appears that the breach at Target was the result of a compromised user and password that had been created for an HVAC vendor to allow them to access Target’s network to submit invoices and proposals, and possibly to provide off-site monitoring of heating cooling, and refrigeration systems at Target stores.
When news of this breach was first released, because of the scope of the breach, and the types of computers and network system involved, I originally expected that there had to have been an a network insider who had actively or unwittingly helped the cyber-crooks gain access. As other breaches at other store chains came to light, the insider theory lost some of its appeal. but insider access provided through a vendor who worked at other major retail chains – well that just made sense.
In this case Fazio Mechanical Services was the point of attack, and the valuable goods were the access credentials that got the crooks on to the Target network. The message here for small and medium size businesses? I run across small business owners all the time who think “we are too small to be an attractive target” or “we have nothing of value here.” If you are doing business with a a Fortune 500 company may be the network access credentials you have for their systems. If you value that relationship, maybe you need to make sure they are secure.
FEB
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com