Investigating the Target data breach

The research paper intends to describe the process of the Target data breach, analyze the malware used, describe the challenges in investigating data breaches, provide security guidelines to enhance payment system security, and provide customers with best practices that may assist them to hide their information in purchasing transactions.

The breach happened through Fazio Mechanical Services. The heating, air-conditioning, and ventilation firm had access to Target’s Ariba external billing system and was easily compromised by a Citadel Trojan. Using the third party, the hackers were able to probe Target’s network, pinpointing its weaknesses.

For example, its weak segmentation between the sensitive and non-sensitive networks allowed the hackers access to the point of sale (POS) networks. BlackPOS, a malware specialized in attacking POS systems was then installed. The malware was then able to read card numbers whenever the cards were scanned on card readers connected to the infected POS devices. As a result, 40 million credit and debit card numbers were stolen, with the data being first passed through compromised FTP servers, then other compromised machines, and finally to drop sites in Miami, and Brazil.

The data then became available for sale on the black market.

In the aftermath of the attack, it emerged that Target had failed at detecting and preventing the breach at several points. Firstly, security warnings sent by tools such as FireEye were ignored. Secondly, the company had failed to properly segment its sensitive from non-sensitive networks. Thirdly, its POS terminals were not hardened, making them susceptible to unauthorized software installation.

Get quality help now

Bella Hamilton

Verified

Proficient in: Bangalore

5 (234)

“ Very organized ,I enjoyed and Loved every bit of our professional interaction ”

+84 relevant experts are online

Hire writer

Fourthly, there was limited access control of accounts and groups from third-party partners.

The malware was able to easily able to circumvent detection due to several important features. There was multi-phase data exfiltration, where data was gathered to a compromised internal server that was used as a repository. There were string complications that allowed the malware to evade signature-based anti-virus detection. The malware actively avoided unnecessary infections minimizing detection. The stolen data was encrypted, hiding the leak from data loss prevention systems. Also, it was active only during busy working hours, which aided in hiding anomalous communications. It is these factors that made it popular among hackers.

While the Computer Fraud and Abuse Act (CFAA) appears to be the most applicable cybercrime law applicable in the Target breach, its implementation may be difficult due to the presence of several barriers. In most data breach plots, the hackers hide their identities through different relays across the globe through the penetration and exfiltration phases. The international relays are challenging to investigators, as there is little guarantee that all the countries involved will take the same level of effort in the investigation. Also, in cases where the hacker is not in the country, extradition may be involved, which may not only take time when successful but impossible, if the US and the country have not signed a treaty accepting such a level of cooperation.

It is clear that Target and the monitoring team in Bangalore had ignored critical security alerts produced by FireEye. As such, it is vital for large corporations to design alert systems that are intelligent and adaptive beyond sending a list of alerts, specifically through the introduction of an adaptive warning strength measure, and also through mining and presenting connections among alerts (Shu, Tian, Ciambrone, & Yao, 2017). Target had improperly segmented its network. However, by introducing a zero-trust network, all traffic will be identified, and monitored before being authorized, protecting from both outsider and insider attacks. Target also had poorly secured its POS handling. However, the introduction of the EMV system, which added a temper-resistant chip would provide a higher level of security, as the data on the chip is encrypted making it more difficult for it to be used by hackers.

The number of data leaks has increased in recent times, with improvements in technology. However, after the careful analysis and evaluation of the system, techniques, and legislation weaknesses of Target’s leak, it became clear that workable solutions can be introduced to make sensitive data more secure.