Target breach started with email phishing attack, report says

Star Tribune (Minneapolis), February 13, 2014

Thieves stole the network credentials from Target’s heating and refrigeration contractor through an email phishing attack sent to the contractor’s employees at least two months before they began collecting card data from cash registers, according to the blogger who first revealed the attack.

Data security reporter Brian Krebs wrote Wednesday at KrebsOnSecurity.com that Target’s breach was set up by a “malware-laced email phishing attack” on employees of Sharpsburg, Pa.-based Fazio Mechanical Services Inc.

Krebs cited “multiple sources close to the investigation.”

“Two of those sources said the malware in question was Citadel — a password-stealing bot program that is a derivative of the ZeuS banking trojan — but that information could not be confirmed,” Krebs said.

Fazio was using a free version of Malwarebytes Anti-Malware as its main tool for detecting malicious software on its internal system, Krebs said, adding that he considered that a flawed approach.

Krebs said that a former member of Target’s security team, who was not identified, told him that Target’s vendors use Ariba software to complete their work orders and collect payments.

That person speculated that Ariba’s back end, which allows Target administrators to provide vendors with login credentials, would potentially give a vendor access to the server, and then potentially some form of access to the rest of Target’s corporate network.

Target’s breach, in which payment card data or personal information of up to 110 million customers was stolen, is one of the country’s largest recorded data security breaches and remains under investigation.
