Professional Documents
Culture Documents
Cyber Breach at Target
Cyber Breach at Target
Cyber Breach at Target
21st-22nd
19th Dec’13 20th Dec’13 25th Dec’13 27th Dec’13 10th Jan’14
Dec’13
• FAZIO MECHANICAL SERVICES: Target did not monitor the security arrangements of Fazi
while, Fazio used a free version of security product called "Malwarebytes Antimalware “
• FIRE EYE.inc : cybersecurity monitor raised an alert which was ignored Automatic
malware detection and deletion option had been turned off by target' s security team.
• SECURITY TEAM: Non compliance with the PCI 2.0 norms which were the bare minimum
standards. Weak controls within Target' s network which made it easier for the hackers to
crack the system. The data was then moved from target’s network and stolen data was
aggregated at a different proxy network.
WHO CAUSED THE ATTACK?
• Data theft of this magnitude are usually the work of an organized crew of cybercriminals
specializing on stealing data from vulnerable sources.
• The preparators behind this attack were from Russia, Ukraine and Romania, a similar
crew was responsible for another such attack on ‘Home Depot’ in 2014.
• Once the stolen data was moved target’s network it was shifted to a server in Moscow,
the stolen data was traded in cryptocurrency on rescator.so (dark web).
CONSEQUENCES OF THE DATA BREACH?
With the increasing data breaches and cyber crime in recent years, it is the responsibility of
the firm to adhere to industry standards in building and maintaining firewalls, protecting
sensitive information, monitoring their networks, be attentive to security warnings and
correct unsound practices.
THANK YOU