Target hack could have been prevented
Posted by: Timothy Weaver on 03/14/2014 11:11 AM
It has come to light that the hack of Target and the subsequent loss of data could have been prevented.
Bloomberg Businessweek reports that staff failed to act on the alerts from FireEye, which detected the malware. The security personnel only took action two weeks after the original breach when they were warned by federal investigators.
FireEye could have auto-prevented the breach, but investigators surmise that the security team may not have gotten to the point where they trusted it to act semi-autonomously. That function was disabled.
Businessweek writes: "On November 30th, according to a person who has consulted on Target's investigation but is not authorized to speak on the record, the hackers deployed their custom-made code, triggering a FireEye alert that indicated unfamiliar malware: malware.binary. Details soon followed, including addresses for the servers where the hackers wanted their stolen data to be sent. As the hackers inserted more versions of the same malware... the security system sent out more alerts, each the most urgent on FireEye's graded scale."
Target's Symantec anti-virus system also flagged up alerts.
FireEye had this to say:
Bloomberg Businessweek reported on the methods hackers used to steal millions of credit card numbers from Target. In the report, FireEye was mentioned as having discovered the attack prior to the broad discovery by Target as well as providing services to the CIA. It is FireEye policy to not publicly identify our customers and, as such, we cannot validate or comment on the report’s claims that Target, the CIA or any other companies are customers of FireEye.