Security researcher Brian Krebs, who broke the Target story back in December, continues to be one of the best sources of the continuing story. He recently posted a report from the FBI that warns us to expect more breaches involving the BlackPOS exploit that has affected checkout operations at Target, Neiman-Marcus, and Michaels stores.
It appears that the breach at Target was the result of a compromised user and password that had been created for an HVAC vendor to allow them to access Target’s network to submit invoices and proposals, and possibly to provide off-site monitoring of heating cooling, and refrigeration systems at Target stores.
When news of this breach was first released, because of the scope of the breach, and the types of computers and network system involved, I originally expected that there had to have been an a network insider who had actively or unwittingly helped the cyber-crooks gain access. As other breaches at other store chains came to light, the insider theory lost some of its appeal. but insider access provided through a vendor who worked at other major retail chains – well that just made sense.
In this case Fazio Mechanical Services was the point of attack, and the valuable goods were the access credentials that got the crooks on to the Target network. The message here for small and medium size businesses? I run across small business owners all the time who think “we are too small to be an attractive target” or “we have nothing of value here.” If you are doing business with a a Fortune 500 company may be the network access credentials you have for their systems. If you value that relationship, maybe you need to make sure they are secure.Share