This is the first in a series of case studies/blogs that will evaluate cyber security threats and failures, from the perspective of those in the electrical industry with an eye toward the future electrical power grid that will utilize advanced communications capabilities.
Because we can
In 2013, Target Corporation’s (Target) security and payment system was breached, compromising 40 million credit and debit card numbers, along with 70 million addresses, phone numbers and other personal information. Target was made aware of this situation in mid-December when the U.S. Department of Justice informed the company that its system was being attacked. Target had received notifications prior to this date, but had failed to act on them.
The "hows" and the "whys"
Malware was installed on Target’s payment and security system on November 15, 2013. Access to the system came from network credentials that were stolen from an HVAC provider based in Sharpsburg, Penn. Initial speculation was that this vendor was remotely monitoring HVAC systems installed at Target facilities via a network connection, and that this was how the attackers gained entry into Target's internal network. As it turned out, this was not the case. The compromised data connection was being used for “electronic billing, contract submissions and project management”, not for monitoring of equipment. The network credentials were, in fact, gathered after an employee of the HVAC contractor fell victim to a phishing attack and clicked on a malicious email.
Target was not unprepared for the breach. Earlier that year, the company had installed malware detection software from the computer security firm FireEye (high-profile FireEye customers include the CIA and the Pentagon). The FireEye team in Bangalore, India monitored Target’s system around the clock and reported suspicious activity to Target’s security team based in Minneapolis, Minn.
Exfiltration malware was installed on November 30, 2013 to move the stolen information out of the Target servers. The data was first staged on drop points around the U.S., then forwarded to computers in Russia. It was at this point that the Bangalore team became aware that something was wrong and notified the Target security team in Minneapolis. For reasons that are unclear, Target's Minneapolis team failed to act on the alert, allowing customer information to be compromised.