Target Hackers Tapped Vendor Credentials

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/security/attacks-and-breaches/target-hackers-tapped-vendor-credentials/d/d-id/1113641?

By Mathew J. Schwartz
InformationWeek.com
1/30/2014

Target said Wednesday that the hackers who attacked the company employed 
access credentials that were hardcoded into a product used by the 
retailer.

"We can confirm that the ongoing forensic investigation has indicated that 
the intruder stole a vendor's credentials which were used to access our 
system," Target spokeswoman Molly Snyder said Thursday via email.

Target declined to identify the vendor whose credentials attackers had 
obtained, though confirmed that the attack vector has been blocked. "As we 
have previously shared, we confirmed the breach on December 15 and were 
able to eliminate the malware and close the access," she said. "Since that 
time we have taken extra precautions such as limiting or updating access 
to some of our platforms while the investigation continues."

Target's attackers ultimately stole 40 million credit and debit cards 
collected by the retailer's point-of-sale (POS) systems, set up a server 
inside Target's network to collect that stolen data, then regularly sent 
it in batches via FTP to a server in Russia. Attackers also stole personal 
details pertaining to 70 million Target customers.

While Target declined to disclose further details from its investigation, 
security journalist Brian Krebs reported Wednesday that Dell SecureWorks 
this week released a private report to some of its clients, which suggests 
that Target's attackers gained access to Performance Assurance for 
Microsoft Servers, which is IT infrastructure management software sold by 
BMC Software.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/