Topic:
Identifying Real-life Security Breach: Business Operations (Term Paper Sample)
Instructions:
Identifying Real-life Security Breach That Compromised Elements Essential To The Operation Of A Business
Target Stores Security Breach
1 Identified a real-life security breach that compromised elements essential to the operation of a business; required the implementation of a business continuity plan; and required the use of electronic tools to discover the breach and recover from it.
In previous years, many organizations have been targeted by cybercrime involving data breaches. In December 2013, over 40 million credit cards were stolen from almost 2000 Target stores by accessing data on the point-of-sale systems. Target Corp. noted that the 40 million stolen credit and debit cards belonged to shoppers who visited the stores within the initial three weeks of the festive season. This security breach was the second biggest of its kind reported by U.S. retailers.
It was reported that the hackers worked at extraordinary speed, carrying out their operations from before Thanksgiving to the Sunday of the 19th, during the crucial Christmas festive season. The hackers stole important information from Target customers, held in the magnetic stripes on the back of the customers' credit cards. These magnetic stripes contain the person's account number, track data, the expiration date of the card and the secret CVV code, all of which have value on the black market.
The magnetic stripe data may be sold, and counterfeit cards are made using the hackers' own magnetic encoding machines. After the Target breach, the stolen credit cards were very expensive because, according to Krebs, the banks did not cancel them immediately. Several credit cards obtained in the Target security breach were sold for more than $135, depending on the type of card, the limit, and the expiration date. Consumers did not have to pay for replacement cards; community banks and credit unions took on the expense. The Target attackers used the information obtained from the stolen cards to make fraudulent purchases by phone or online and to make counterfeit credit cards. The implications of the breach were related not only to the volume of compromised records but also to the type of data obtained from Target.
The attackers used several steps to gain access to the credit cards and obtain the information from Target's systems, which led to huge losses. Experts suggested that the attack unfolded as follows: reconnaissance by the attackers may have included Google searches, which would have provided a lot of information on how Target relates to its vendors.
The reconnaissance would have revealed the Microsoft website and a description of the Microsoft virtualization software which deploys security updates and patches (Microsoft, 2011). Two months before the security breach, an email containing malware was sent to the refrigeration vendor Fazio Mechanical. The malware stole credentials for the vendor portal. The hackers were able to access Target's systems through Fazio Mechanical's access to the portal (Krebs, 2014d).
The attackers may have invaded the network through a common network. They were able to access the POS systems through a weak domain, and once they had access to the required systems, malware was installed on the point-of-sale systems. The malware was conventional software which was undetectable by virus scanners. The software collected credit card information from memory as the cards were swiped. The data was then saved to a file and stored in a provisional NetBIOS location. The attackers used components which indicated the transfer of data from the POS machines to a compromised machine on the LAN (iSight Partners, 2014).
The hackers used modified components to send rare commands across the network that would not be discovered by ordinary forensics tools and would get around network controls (iSight Partners, 2014). Further reports noted that data was obtained using a default password and username. The data was sent to drop locations, from which it was later retrieved. The credit cards were then sold on the black market. The breach affected Target's employees, customers and banks in terms of cost. Top employees lost their jobs, and some board members were threatened with termination. The banks had the task of refunding money stolen from customers' credit cards. Target faced huge losses from the drop in customers in the new year of 2014.
2 Explained the method of discovery
It is important to understand how the attack occurred because the attacker is still active. The attackers had obtained the personally identifiable information (PII) of 70 million customers and data from 40 million credit cards. According to analysis, Target's financial damage may have reached $1 billion. Installation of malware that steals credentials: this started with the theft of confidential information from Target's HVAC vendor, Fazio Mechanical Services. This was achieved by infecting the vendor through email with malware.
Target discovered that one of the causes of the massive data breach, which exposed the financial and personal information of more than 110 customers, was malicious software which infected the point-of-sale systems at Target's checkout counters. During an interview with CNBC on January 12, Target's CEO Gregg Steinhafel confirmed the theft of data by hackers. This was achieved through the installation of malicious software on the point-of-sale (POS) devices found in the checkout lines at Target stores.
Reuters published a report on the same day stating that the breach was the result of memory-scraping malware. This malicious software used a technique which parsed data briefly stored in the memory banks of a specific POS device. In other words, the malware captured the data stored on a card's magnetic stripe immediately after the card was swiped at the terminal, while the data still existed in the system's memory. This information helped the hackers create cloned copies of the cards, which are used to buy expensive merchandise in high-end stores.
US-CERT issued a detailed analysis covering common memory-scraping malware variants. Target has not formally released detailed information on the POS malware involved. It has also not given detailed information on how the thieves broke into its network. Since the attack, the known method by which the attackers penetrated Target's network is the point-of-sale malware.
Another issue stated to have caused the massive breach at Target was the retailer's failure to properly segregate important systems, namely those that handle sensitive payment card data, from the rest of its network. Brian Krebs, a security blogger, was the first person to report on the Target breach. He stated that the attackers broke into the retailer's network using login credentials stolen from one of its vendors.
The vendor is a heating, ventilation and air conditioning company that works with Target in various locations. According to Krebs, close sources stated that the attackers first accessed Target's network on November 15, 2013, using a username and password. This username and password were stolen from Fazio Mechanical Services, which specializes in the provision of refrigeration and HVAC systems for various companies like Target. Fazio has access rights to Target's network, which help it carry out activities like temperature monitoring in Target stores. The attackers moved undetected by using Fazio's credentials to gain access and upload a malware program to the company's point-of-sale (POS) systems.
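The segmentation failure and the POS-to-LAN data transfer described above can be checked for in network flow records. The following is an added example, not part of the original paper: the zone address ranges, the allow-list and the flow records are all constructed assumptions, and `audit` is a hypothetical helper.

```python
import ipaddress

# Constructed sample flow records: (source, destination, destination port).
FLOWS = [
    ("10.20.1.15", "10.50.0.10", 443),   # POS terminal -> payment switch (expected)
    ("10.20.1.15", "10.30.4.77", 445),   # POS terminal -> internal server, file sharing
    ("10.20.1.22", "10.30.4.77", 139),   # POS terminal -> same server, NetBIOS session
    ("10.40.9.5", "10.20.1.15", 445),    # vendor segment -> POS terminal
    ("10.30.4.77", "203.0.113.9", 21),   # internal server -> external host
    ("10.30.2.8", "10.30.4.77", 445),    # ordinary corporate file sharing
]

# Assumed zone layout for the illustration.
ZONES = {
    "pos": ipaddress.ip_network("10.20.0.0/16"),
    "corp": ipaddress.ip_network("10.30.0.0/16"),
    "vendor": ipaddress.ip_network("10.40.0.0/16"),
    "payment": ipaddress.ip_network("10.50.0.0/24"),
}
# The only flows permitted to touch the POS zone: (src zone, dst zone, port).
POS_ALLOW = {("pos", "payment", 443)}


def zone_of(addr):
    """Map an address to its zone name, or 'external' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def audit(flows):
    """Flag flows that cross the POS boundary, then outbound flows from
    any host that received data from a POS terminal in violation of policy."""
    findings, staging = [], set()
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if "pos" in (sz, dz) and (sz, dz, port) not in POS_ALLOW:
            findings.append(("segmentation", src, dst, port))
            if sz == "pos":
                staging.add(dst)  # candidate staging host on the LAN
    for src, dst, port in flows:
        if src in staging and zone_of(dst) == "external":
            findings.append(("possible-exfil", src, dst, port))
    return findings


if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```
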
3 Explored the electronic tools that were used to discover the breach.
The hackers tested the data-stealing malware on a few cash registers, and after it proved successful it was uploaded to Target's POS systems. Point-of-sale malware was suspected to have caused the attack, since the information was obtained from point-of-sale terminals through the installation of malware in Target's network. Through exploitation of vulnerabilities in the built-in web servers, the attackers were able to gain access to the POS terminals. The attackers were able to discover that many retail merchants and point-of-sale terminals had not implemented the basic security measures required by PCI.
Many businesses which technically comply with PCI may not have much information on the security practices set in place. Target's security division attempted to protect its systems from cyber attacks and, six months before the attack, installed FireEye. This device helps to detect malware, but numerous alerts from the device were ignored. Administrators who did not know how FireEye worked had turned off some of its functionality. Target's network had firewalls in place, and it segmented its network and systems using virtual local area networks (VLANs).
4 Discussed the usefulness of electronic tools in the discovery process.
Six months before the attack, Target had installed a malware detector known as FireEye. This software was effective in detecting malware attacks and alerted the system. The security experts had been alerted to the malware invading the system but had ignored the warnings, which led to the attack. Target had installed a built-in web server which monitored any unusual behavior in the network. A third-party vendor's system, which was used to monitor various activities at Target, was helpful in discovering how the attack happened.
The hackers were able to send an email containing malware to the third party vendor's website which gave...