The experts’ neglect of timely alerts could be one of the factors that allowed the theft to take place. Target publicly acknowledged that escalating alerts had been received starting on Nov 30 and its local teams had analyzed them and deemed no action was necessary. The security software itself would have been able to prevent the attack, as it will automatically eradicate software deemed to be “malicious” or “unauthorized”. However, Target’s experts deactivated this feature because they did not trust this new system completely, and so failed to thwart the attack before the first data were transferred. The additional alert sent by Target’s own anti-virus system was also ignored, which led to the final theft of data.
The theft that occurred at Target and similar retailers was enabled by a combination of factors. Firstly, the cybercriminals exhibited a high level of sophistication and technical skills. They were able to create malware that bypassed the robust security measures implemented by Target, including segmentation, firewalls, malware detection software, intrusion detection software, and prevention tools.
Secondly, the attack was likely carried out by an organized team of cybercriminals operating internationally. This allowed them to have the necessary resources and skills to perpetrate such a large-scale data theft. The fact that the stolen data was ultimately transferred to a server in Moscow suggests the involvement of criminal groups based in Russia and Ukraine, which have been identified as hubs for data theft and sale over the past decade.
Thirdly, the attack exploited a weakness in Target’s security that allowed the malware to be introduced into the system. This could have been through various means, such as a phishing attack that tricked an employee into downloading and executing the malicious code. Once inside the system, the malware was able to spread and collect vast amounts of sensitive data.
Finally, the attack took place during a busy shopping period, such as the holiday season. This increased the volume of transactions and data flowing through Target’s systems, providing a larger pool of information for the cybercriminals to target. The combination of these factors allowed the theft to take place successfully despite Target’s investment in cybersecurity measures.
(1) Despite having robust security measures in place, including multiple layers of protection and compliance with international standards such as PCI DSS, Target’s IT infrastructure had vulnerabilities that were exploited by the attackers.
(2) Human error played a significant role; an employee from Fazio Mechanical Services falling for a phishing email led directly to unauthorized access to Target’s network.
(3) After the detection system raised the highest level of alarm, the company’s team took no action.
(4) Target experts disabled the antivirus feature of the security software.
Lack of Segmentation: Once inside, the attackers could move laterally within Target’s network due to insufficient network segmentation, allowing access to the payment system network.
Advanced Malware: The malware used (similar to BlackPOS) was sophisticated and designed to avoid detection by traditional intrusion detection systems. It captured card data during the transaction process when the data was unencrypted.
Ignored Alerts: Despite having an advanced anti-malware system (FireEye) that issued several high-level alerts, Target’s security team failed to act on these warnings. The anti-virus system also flagged suspicious activity, which was ignored.
Deactivation of Security Features: Target’s team had deactivated the automatic malware eradication feature of the FireEye system due to a lack of trust in the new system.
The most crucial factor that allowed the theft to take place was Target’s failure to act on multiple security alerts. Despite having advanced malware detection systems like FireEye in place, which issued several high-level alerts starting on November 30, Target’s security team ignored these warnings. This oversight allowed the hackers to install BlackPOS malware on the POS terminals, capturing card data from the terminals’ RAM. Additionally, Target had disabled the automatic malware eradication feature of FireEye, further compromising their defense. This internal failure to respond to security alerts was the key factor that enabled the breach to occur.
1. Failure to Act on Alerts: Despite receiving alerts from their advanced anti-malware system, FireEye, about suspicious activities, Target’s security team did not take necessary actions, failing to prevent the breach.
2. Lack of Full Trust in Security Systems: Target’s experts had deactivated an automatic malware eradication feature of the FireEye system, due to their lack of trust in the newly implemented system.
3. Poor Internal Communication: Alerts regarding the suspicious activities were not properly escalated within Target’s security operations center, resulting in a delayed response to the emerging threat.
- Cybercriminals used malware to gain access to Target’s systems.
- The lack of timely detection allowed the attackers to go undetected for an extended period of time.
- An employee clicked on a simple phishing email sent by cybercriminals, resulting in the compromise of user credentials and subsequent unauthorized access to Target’s network.
- A vulnerability in a third-party service or software.
- Stolen data is not properly encrypted or protected.
(1) Technical vulnerabilities: Hackers exploit the technical vulnerabilities of target companies (such as Target), particularly their point of sale network (POS). These vulnerabilities allow hackers to invade the system, install malware (such as variants of BlackPOS), and thus capture and steal credit card information.
(2) Shortcomings in security measures: The target company may have deficiencies in network security and data protection, failing to detect and prevent such attacks in a timely manner. This may include failure to regularly update and patch system vulnerabilities, lack of effective intrusion detection systems, or insufficient security awareness training for employees.
(3) The concealment of malicious software: The malicious software used by hackers has a high degree of concealment and can evade the detection of traditional security software. This allows hackers to lurk in the system for a long time without being detected by the target company.
The occurrence of this theft is the result of multiple factors working together. Firstly, the lack of awareness of network security is the fundamental cause of theft. Both enterprises and individuals should fully recognize the importance of network security and take corresponding protective measures. However, due to weak awareness of cybersecurity, potential risks are often overlooked, leaving opportunities for criminals to take advantage of.
Secondly, technological vulnerabilities and lack of protective measures are also important factors leading to theft. In today’s rapidly changing information technology, network attack methods are constantly emerging. However, some enterprises and individuals, due to technological limitations, fail to timely fix system vulnerabilities or fail to install effective protective software, making the system vulnerable to hacker intrusion.
Finally, the cunning and greed of criminals are also important reasons for theft to occur. They use their own technological means to constantly search for vulnerabilities in the network system and use them as a breakthrough point for theft. At the same time, in order to pursue more interests, they often resort to any means, even resorting to violent means, to achieve their goals.
In summary, the lack of awareness of network security, technological loopholes, and lack of protective measures, as well as the cunning and greed of criminals, collectively led to the occurrence of this theft.
(1) Target analyzed the continuously escalating alerts received and deemed it unnecessary to take any action. But because the system was new, Target’s experts still didn’t fully trust it.
(2) There are still loopholes in Target’s security measures, which allowed cybercriminals to discover and exploit vulnerabilities in Target’s infrastructure to obtain information.
(3) Fazio’s employees lacked sufficient security awareness, leading to cybercriminals sending phishing emails and obtaining user codes and passwords.
For the bottom line,
(1) In terms of image, it was severely criticized for failing to take action on the initial alert, delaying the disclosure of violations, and the inability of the customer service department to respond to customers. And for the first time, it scored negative in all consumer perception surveys.
(2) On the customer side, the cost of customer churn and default has affected quarterly and annual performance, far from meeting Wall Street’s goals. The difficulties brought about by the company’s expansion in Canada were a factor that led to the failure to achieve its goals.
(3) Target faces multiple lawsuits, each demanding millions of dollars in compensation.
For internal Target,
(1) Target announces the resignation of its Chief Information Officer
(2) The first step is to comprehensively reform its information security and compliance structure and practices.
(3) Step 2, announce the establishment of two key positions that will be recruited from external sources
For Target’s project,
(1) Implement a chip card and personal identification number payment (chip and PIN) system six months in advance.
For customers:
(1) If the card is cancelled and the cardholder has pending or recurring transactions, they must contact every relevant merchant. Canceling credit cards can also lead to further headaches.
(2) In addition to violating personal privacy, the resulting identity theft also forces victims to embark on a long and arduous process to defend their identity and prove to all parties that they have not committed any illegal acts.
I believe the fundamental cause of this theft is the negligence of the staff. (From Target’s perspective, we do not consider the factor of customers being deceived by phishing emails.) When the detection system identified a risk, the company’s information security experts did not take the system alerts seriously. The theft method was traditional, and although the company was equipped with an expensive and top-tier detection system, the experts chose to ignore the alerts when they received them just because the system was new and they didn’t trust it, and they didn’t even double-check! As no company can reduce the risk to zero, we should be more cautious with system alerts and more vigilant about everything that happens.
The following materials are the basis for my response:
“Experts agree that the attack was perpetrated by cybercriminals who used a well-known strategy and what are in fact fairly conventional technological tools.
But even with this unauthorized access, Target was, in theory at least, shielded against such attacks. Indeed, six months earlier, it had invested the tidy sum of $1.6 million to implement an antimalware system called FireEye.
Despite Target’s extensive investment in cybersecurity measures, cybercriminals managed to steal a large amount of data through sophisticated technology, international teamwork, exploiting system vulnerabilities, and choosing peak times to carry out their attacks.
1. The cybercriminals demonstrated a high level of skill in bypassing Target’s multiple security safeguards, such as network segmentation, firewalls, malware detection, intrusion detection and prevention tools.
2. The attack may have been executed by international cybercrime teams that have the resources and skills to carry out large-scale data theft. The stolen data was transferred to servers in Moscow, suggesting the possible involvement of criminal groups in Russia and Ukraine.
3. Exploit security vulnerabilities: Attackers exploit vulnerabilities in Target’s security systems to trick employees into downloading and executing malicious code through phishing attacks. Once inside a system, malware can spread and collect large amounts of sensitive data.
This data breach occurred due to several factors. First, the hackers exploited remote access to Fazio Mechanical Services, a vendor of the target company, and obtained the vendor’s user codes and passwords by sending phishing emails. This allowed the hacker to remotely gain access to the target company’s network and, exploiting a flaw in the security measures, successfully gain access to the company’s payment system network, thereby installing malware. Second, the target company’s security software, FireEye, was able to detect suspicious activity, but because the system was new and lacked trust, the experts had turned off the feature to automatically eliminate software deemed “malicious” or “unauthorized”. In addition, the target company’s anti-virus system also detected suspicious activity on servers protected by FireEye, but this alert was also ignored. Finally, the experts at the target company did not do a better job in evaluating the received alerts, resulting in the attack not being stopped. Taken together, these factors contributed to the occurrence of this data breach.
1. The combination of vulnerabilities in Target’s IT infrastructure.
2. The successful phishing attack because of a lack of vigilance among employees.
3. The failure to properly assess and respond to security alerts.
1. Vulnerability in the supply chain: cyber-criminals gained initial access by stealing the login credentials of an HVAC supplier who had remote access to Target’s network, which exploited a vulnerability in a supply chain to commit the crime.
2. Failed to properly configure and monitor security systems: The company invested $1.6 million in a malware detection system, but its security team missed the system’s warnings about suspicious activity and failed to act. In addition, they disabled some features that automatically remove malware, significantly increasing the risk.
3. Low security level: Once inside a vendor’s network through its credentials, cybercriminals are able to bypass other layers of security and move and access the network of payment systems connected to point-of-sale terminals.
4. Payment card security weaknesses: At the time, the payment card technology used by Target was outdated and did not use more secure chip and PIN. The malware can easily copy unencrypted card data from terminal memory during a transaction.
In general, it is mainly the above factors that contributed to the occurrence of such cases.
Thefts cannot be separated from vulnerabilities in cybersecurity, and although the relevant parties provide protection for the network, it is clear after the thefts that the protection is still not comprehensive enough. In addition to cybersecurity, Target’s security system issued numerous alerts that were ignored by the security team, and security software was not used by the experts; if any of these factors had been taken into account, the results could have been different.
In Target’s case, the following factors contributed to the data breach:
1. Malware installation: Hackers successfully installed malware on Target’s point-of-sale terminals. The malware is a memory scraper capable of copying and saving raw, unencrypted data the moment a trading server stores it in memory. This malware is difficult to detect by commonly used intrusion detection software, and usually removes any traces left behind.
2. Exploit: Hackers took advantage of remote access to Fazio Mechanical Services, a Target vendor, and obtained user codes and passwords by sending phishing emails to the vendor’s employees. Using this information, hackers were able to gain remote access to Target’s network and exploit vulnerabilities in security measures to gain access to the company’s payment system network, paving the way for them to install malware.
3. Failure of security measures: Although Target has multiple layers of protection in place for cybersecurity, including segmentation, firewalls, malware detection software, intrusion detection software, etc., these measures did not prevent hackers from finding and exploiting vulnerabilities in Target’s IT infrastructure. In addition, Target’s security experts disabled the new system’s ability to automatically eliminate “malicious” or “unauthorized” software because they did not fully trust the system.
4. Missed alerts: Target’s security software, FireEye, sent out multiple alerts that were ignored by local teams. If experts had better assessed the alerts they received, the theft might have been prevented.
The key factors include: the sophisticated technology and organization of cyber criminals, who took advantage of Target's security vulnerabilities and may have planted malware through phishing and other means; human error, such as staff misjudging phishing emails; and the ability of cyber criminals to exploit the security vulnerabilities of Target. Security system alerts were ignored and Target experts disabled certain features of the security software, failing to respond to advanced alerts from the FireEye system in a timely manner. Together, these factors allowed hackers to install BlackPOS malware on Target's systems and steal large amounts of sensitive data.
The theft occurred mainly because cyber criminals took advantage of a weakness of Target, that is, they invaded Target’s network through the user code and password of its supplier Fazio Mechanical Services. Hackers obtained these credentials through phishing emails, and then used this information to access the payment system network, and installed malicious software on the point-of-sale terminal. This software is called BlackPOS, which is specially designed to copy credit card and debit card information in a short time when the data in the random access memory of the transaction processing server is unencrypted. Because this kind of malware is difficult to be found by conventional intrusion detection software, and it will remove traces, companies usually need to conduct in-depth investigation to find it after being invaded.
Factors that allowed the theft included the vendor’s compromised remote access, failure to properly assess monitoring alerts, deactivation of security features due to lack of trust, and the use of known malware tactics that are difficult to detect.
1. The hackers used the remote access of Fazio Mechanical Services, a supplier of the target company, to obtain the supplier’s user code and password by sending phishing emails. This allowed hackers to remotely access the target company’s network and exploit vulnerabilities in security measures to successfully access the company’s payment system network, allowing them to install malware.
2. FireEye, the target company’s security software, was able to detect suspicious activity, but because the system was new and lacked trust, the experts turned off the feature that automatically removed software deemed “malicious” or “unauthorized.”
3. The target company’s antivirus system detected suspicious activity on servers protected by FireEye, but this alert was also ignored.
4. The target company’s experts did not better evaluate the received alerts, resulting in the attack not being stopped.
The cause of this incident is multifaceted, which I’ll explain as internal and external factors.
Internal Factors:
1. Experts at Target Company were overly confident in their judgments, failing to promptly alert authorities after the incident and disabling the alert function of the new system.
2. Target Company’s endpoint security was low, neglecting security measures for front-end users of company products, allowing malicious software to infiltrate the company’s sensitive internal systems through external devices.
3. Target Company did not provide cybersecurity education to internal employees and failed to implement network isolation and protection for external sources such as emails.
4. The IT department failed to communicate information promptly to other relevant security departments.
External Factors:
1. Hackers targeting Target Company executed a well-organized attack plan with sophisticated intrusion techniques, indicating an organized criminal group. Additionally, their network attack technology was advanced, utilizing undiscovered techniques.
2. The hacker organization strategically chose the pre-Christmas Black Friday, a period when businesses focus on managing order pressures, potentially relaxing their network security defenses.
The Target data breach occurred due to several factors. First, the hackers exploited the remote access of Fazio Mechanical Services, a vendor, to obtain its user codes and passwords by sending phishing emails to the company’s employees. This allowed the hackers to gain remote access to Target’s network and, taking advantage of vulnerabilities in security measures, successfully accessed the company’s payment system network, allowing them to install malware. Second, although Target has multiple layers of protection in place for the security of its IT infrastructure, including segmentation, firewalls, malware detection software, intrusion detection software, and data loss prevention tools, these measures have not prevented hackers from finding and exploiting vulnerabilities in Target’s IT infrastructure. In addition, Target’s security experts did not react appropriately when they received an alert from the monitoring system, resulting in the attack not being stopped. Finally, Target’s security software itself has the ability to automatically remove software deemed “malicious” or “unauthorized,” but because the system is new and not yet fully trusted, Target’s experts have disabled this feature. Therefore, these factors together led to the occurrence of the Target data breach.
The malicious software used by cybercriminals is very complex and difficult to defend against. The most important thing is that advanced malware detection systems such as FireEye had issued several advanced alerts since November 30th, but Target’s security team ignored these warnings and, because of distrust of the system, disabled the system’s automatic malware removal function, resulting in hackers ultimately installing BlackPOS malware on POS terminals.
Target invests a lot of money and technology in cybersecurity, but hackers are constantly using new methods and techniques to steal huge amounts of data.
In actual cases, cybercriminals have demonstrated a high degree of professionalism and skilled technology. In addition to the ability to perform accurate analysis of security systems, these criminals use highly strategic means including segmented detection, echelon intrusion and other means to steal data and destroy traces in a timely manner.
However, it is worth reviewing the serious failure of Target’s staff and experts responsible for information security. Since November 30, they have been receiving escalating alerts, and advanced malware detection systems such as FireEye have issued several advanced alerts that have been ignored by security teams. This serious dereliction of duty directly led to the successful installation of malware by cybercriminals.
The occurrence of this theft case is not caused by a single factor, but the complex result of multiple factors.
First and foremost is the cunning and greed of criminals, who use technology to successfully evade security detection and lurk in the system for a long time, waiting for the opportunity. In addition, the existence of technical vulnerabilities has become an opening for hackers to launch attacks on the technical weaknesses of target companies, such as point-of-sale networks (POS), by installing malware such as BlackPOS variants, which can easily capture and steal credit card information.
However, inadequate security measures are also the cause of this incident. System vulnerabilities were not patched in time, intrusion detection systems were not functioning, and even security teams ignored suspicious activity warnings from systems, or even actively disabled the automatic removal of malware, which certainly increased the risk. At the same time, the low level of security also provides convenience for hackers, who, once they enter the network through illegal means, can easily bypass other security layers and directly access the payment system network.
Finally, the weak security of payment cards also foreshadowed the incident. At the time, the payment card technology used by Target was outdated and failed to adopt more secure chip and PIN technology, allowing malware to easily copy unencrypted card data during transactions.
The theft occurred for several factors: 1. The team of hackers that targeted Target’s network infrastructure has the complex skills and expertise to exploit security vulnerabilities in the target company. 2. Employees of Fazio Mechanical Services, Target’s supplier, leaked their user code and password after receiving a phishing email, allowing hackers to remotely access Target’s network. 3. Target’s security software, FireEye, shut down the ability to automatically remove software considered “malicious” or “unauthorized” shortly after the system was newly established, allowing hackers to successfully install malware software. 4. Target’s security team failed to take timely action after receiving the alert, allowing the hackers to attack before the data was transferred. In summary, the theft occurred because the hacker team took advantage of the Target vendor vulnerability, the shutdown of security software and the factors of the security team’s failure to act in time.
Target failed to take action on multiple security alerts, resulting in theft. Although Target has advanced malware detection system FireEye, the security team ignored these warnings. In addition, Target has disabled FireEye’s automatic malware removal function, further weakening defense. The failure to respond to security alerts internally is a key factor in the occurrence of theft.
Target’s experts overlooked timely alerts, which may have been a factor in theft. Target has publicly acknowledged receiving alerts since November 30th and has been analyzed by local teams, believing that no action is needed. Security software itself can automatically clear software that is deemed “malicious” or “unauthorized”, but Target’s experts have disabled this feature because they do not fully trust this new system. The additional alerts issued by Target’s own antivirus system were also ignored, resulting in data theft in the end.
The reasons for theft are multifaceted. Firstly, cybercriminals exhibit a high degree of complexity and technical skills. They are able to create malware and bypass the strong security measures implemented by Target, including segmentation, firewalls, malware detection software, intrusion detection software, and prevention tools. Secondly, the attack may have been carried out by an international organized criminal group. This gives them the necessary resources and skills to carry out such large-scale data theft. The stolen data was ultimately transferred to servers in Moscow, indicating the involvement of criminal gangs involved in Russia and Ukraine, which have been identified as centers for data theft and sales over the past decade. Thirdly, the attack exploited a vulnerability in the Target system, allowing malicious software to be introduced. This may be achieved through various means, such as phishing attacks, luring employees to download and execute malicious code. Once in the system, malicious software can spread and collect a large amount of sensitive data. Finally, the attack occurred during busy shopping periods, such as the holiday season. This increases the volume of transactions and data flowing through the Target system, providing a larger information pool for cybercriminals. The combination of these factors enabled successful theft, despite Target investing in cybersecurity measures.
(1) Although Target has powerful security measures, including multiple layers of protection, and complies with international standards such as PCI DSS, its IT infrastructure has vulnerabilities that can be exploited by attackers. (2) Human error has played an important role; an employee of Fazio Mechanical Services directly caused unauthorized access to the Target network due to phishing emails. (3) After the detection system issued the highest level alarm, the company team did not take action. (4) Target experts have disabled the antivirus function of security software.
1 Immediate response
Ballard promptly attempted to reach Dean Rao by phone, but was unsuccessful. While quick action is important, the lack of communication necessitates exploring alternative means of contact without delay.
2 Email correspondence
Ballard sent an email to verify Rao’s safety and received confirmation that he was safe and in contact with the police. This exchange ensured the physical well-being of the senior member and provided information to law enforcement authorities.
As previously mentioned, the malicious software utilized by cybercriminals is highly sophisticated and challenging to defend against. Furthermore, despite more than 30 advanced malware detection systems, such as FireEye, issuing over 30 advanced alerts regarding the target security system since November, they were disregarded due to the suspect being disabled on the system for automatic removal of malware features. This oversight could have allowed hackers to install malware in critical locations, leading to potential BlackPOS
There are several reasons for similar retail theft. First, cybercriminals are highly sophisticated and technically specialized. They can develop malware to prevent effective security measures such as decoding tools, firewalls, malware detection tools, and protection.
Second, it is highly likely that the attack was launched by an international cybercriminal organization with the ability to steal large-scale data resources and resources. So the leaked material was transferred to servers in Moscow, linked to a criminal group in Russia and Ukraine.
Third, the target allows users to exploit security vulnerabilities to access the system. This can be done in a number of ways. For example, by allowing employees to download information and execute hazardous codes, they can transmit hazardous information and collect large amounts of confidential information when they enter the system.
Terrorist attacks occur when people are online in large numbers during the holiday season, such as expanding the range of information, expanding the opportunities for criminals to go online, etc.
The reasons for the attack on Target: the experts were too confident, did not alert the police in time and disabled the alarm function of the new system; low endpoint security, ignoring the security measures of the front-end users of the product, resulting in malware penetrating sensitive internal systems through external devices; failure to educate internal employees on network security and to implement network isolation and protection; the IT department does not communicate with other security departments. In addition, the hackers orchestrated the attack plan, using advanced technology, indicating organized criminal gangs; the hackers chose to attack on Black Friday, before Christmas, when businesses are busy dealing with order pressure, potentially loosening cybersecurity defenses.
The main reason for this theft case is not only the cunning of the hackers, but also the negligence of the Target team. In fact, this theft can be prevented.
Target invested $1.6 million six months ago to implement an anti-malware system called FireEye. Its working principle is to create virtual rooms that attract hackers to detect them before they successfully penetrate the protected system. There will be a team of experts working day and night to monitor the results of these monitoring activities, and if any suspicious behavior is found, the team of Target’s Security Operations Center will be notified.
However, even though Target has received continuously escalating alerts since November 30th, its security team has analyzed and deemed it unnecessary to take any action. In addition, the ability of security software to automatically eradicate software that is considered “malicious” or “unauthorized” has also been disabled by Target’s experts because the system is new and cannot be fully trusted. At the end of November, even Target’s own antivirus system detected suspicious activity on servers protected by FireEye, and this additional alert was ignored by Target, ultimately leading to the accident.
Yusen Luo says
The expert’s neglect of timely alerts could be the factors that allowed the theft to take place. Target publicly acknowledged that escalating alerts had been received starting on Nov 30 and its local teams had analyzed them and deemed no action was necessary. The security software itself would have been able to prevent the attack as it will automatically eradicate software deemed to be “malicious” or “unauthorized”. However, Target’s experts deactivated this feature because they did not trust this new system completely and failed to thwart the attack before the first data were transferred. The additional alert sent by Target’s own anti-virus system was also ignored which led to the final theft of data.
Tongjia Zhang says
The theft that occurred at Target and similar retailers was enabled by a combination of factors. Firstly, the cybercriminals exhibited a high level of sophistication and technical skills. They were able to create malware that bypassed the robust security measures implemented by Target, including segmentation, firewalls, malware detection software, intrusion detection software, and prevention tools.
Secondly, the attack was likely carried out by an organized team of cybercriminals operating internationally. This allowed them to have the necessary resources and skills to perpetrate such a large-scale data theft. The fact that the stolen data was ultimately transferred to a server in Moscow suggests the involvement of criminal groups based in Russia and Ukraine, which have been identified as hubs for data theft and sale over the past decade.
Thirdly, the attack exploited a weakness in Target’s security that allowed the malware to be introduced into the system. This could have been through various means, such as a phishing attack that tricked an employee into downloading and executing the malicious code. Once inside the system, the malware was able to spread and collect vast amounts of sensitive data.
Finally, the attack took place during a busy shopping period, such as the holiday season. This increased the volume of transactions and data flowing through Target’s systems, providing a larger pool of information for the cybercriminals to target. The combination of these factors allowed the theft to take place successfully despite Target’s investment in cybersecurity measures.
Qian Wang says
(1) Despite having robust security measures in place, including multiple layers of protection and compliance with international standards such as PCI DSS, Target’s IT infrastructure had vulnerabilities that were exploited by the attackers.
(2) Human error played a significant role; an employee from Fazio Mechanical Services falling for a phishing email led directly to unauthorized access to Target’s network.
(3) After the detection system raised the highest level of alarm, the company’s team took no action.
(4) Target experts disabled the antivirus feature of the security software.
Menghe LI says
Lack of Segmentation: Once inside, the attackers could move laterally within Target’s network due to insufficient network segmentation, allowing access to the payment system network.
Advanced Malware: The malware used (similar to BlackPOS) was sophisticated and designed to avoid detection by traditional intrusion detection systems. It captured card data during the transaction process when the data was unencrypted.
Ignored Alerts: Despite having an advanced anti-malware system (FireEye) that issued several high-level alerts, Target’s security team failed to act on these warnings. The anti-virus system also flagged suspicious activity, which was ignored.
Deactivation of Security Features: Target’s team had deactivated the automatic malware eradication feature of the FireEye system due to a lack of trust in the new system.
Dongchang Liu says
The most crucial factor that allowed the theft to take place was Target’s failure to act on multiple security alerts. Despite having advanced malware detection systems like FireEye in place, which issued several high-level alerts starting on November 30, Target’s security team ignored these warnings. This oversight allowed the hackers to install BlackPOS malware on the POS terminals, capturing card data from the terminals’ RAM. Additionally, Target had disabled the automatic malware eradication feature of FireEye, further compromising their defense. This internal failure to respond to security alerts was the key factor that enabled the breach to occur.
Zhichao Lin says
1. Failure to Act on Alerts: Despite receiving alerts from their advanced anti-malware system, FireEye, about suspicious activities, Target’s security team did not take necessary actions, failing to prevent the breach.
2. Lack of Full Trust in Security Systems: Target’s experts had deactivated an automatic malware eradication feature of the FireEye system, due to their lack of trust in the newly implemented system.
3. Poor Internal Communication: Alerts regarding the suspicious activities were not properly escalated within Target’s security operations center, resulting in a delayed response to the emerging threat.
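Several posts in this thread turn on the same failure mode: escalating alerts from one product, corroborated by a second product on the same servers, were each closed as “no action” and never reached the SOC lead. The script below is an added example (not code from the original page, nor FireEye’s or Target’s own logic) of a triage policy that refuses to let such alerts be closed quietly. The alert records, host names, product names and the three policy rules are all constructed assumptions for illustration.

```python
"""Alert triage check: finds alerts that were closed as "no action" even
though an escalation policy says they should have gone to the SOC lead.
All alert records, host names and the policy thresholds below are
constructed for this example; they are not FireEye's or Target's own
rules or data."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Alert:
    ts: datetime
    source: str       # detection product that raised it (assumed names)
    host: str
    severity: str
    disposition: str  # analyst outcome: "no_action" or "escalated"


def must_escalate(alerts, window=timedelta(days=3)):
    """Return (alert, reasons) for every alert closed as no_action that
    violates one of three assumed rules:
      1. severity high or above is never closed without escalation;
      2. severity rising for the same host within `window` (the pattern
         the thread describes as "continuously escalating alerts");
      3. a second, independent product flagging the same host within
         `window` corroborates the first and forces escalation."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)

    findings = []
    for seq in by_host.values():
        for i, a in enumerate(seq):
            if a.disposition != "no_action":
                continue
            # earlier alerts on this host inside the look-back window
            recent = [b for b in seq[:i] if a.ts - b.ts <= window]
            reasons = []
            if SEVERITY[a.severity] >= SEVERITY["high"]:
                reasons.append("severity_high_or_above")
            if recent and SEVERITY[a.severity] > max(SEVERITY[b.severity] for b in recent):
                reasons.append("escalating_trend")
            if any(b.source != a.source for b in recent):
                reasons.append("corroborated_by_second_source")
            if reasons:
                findings.append((a, reasons))
    return findings


# Constructed sample: a sandbox product and a host antivirus both fire on
# the same gateway over three days; every alert was closed as "no action".
SAMPLE_ALERTS = [
    Alert(datetime(2013, 11, 30, 8), "malware_sandbox", "pos-gw-01", "medium", "no_action"),
    Alert(datetime(2013, 12, 1, 9), "malware_sandbox", "pos-gw-01", "high", "no_action"),
    Alert(datetime(2013, 12, 2, 7), "antivirus", "pos-gw-01", "medium", "no_action"),
    Alert(datetime(2013, 12, 2, 10), "malware_sandbox", "hr-ws-17", "low", "no_action"),
    Alert(datetime(2013, 12, 3, 11), "malware_sandbox", "hr-ws-17", "low", "escalated"),
]

if __name__ == "__main__":
    for alert, reasons in must_escalate(SAMPLE_ALERTS):
        print(f"{alert.ts:%Y-%m-%d %H:%M} {alert.host:<10} {alert.severity:<7} "
              f"closed as {alert.disposition}: {', '.join(reasons)}")
```

Run against the constructed sample, the second sandbox alert is flagged for both its severity and the rising trend on the same host, and the later antivirus alert is flagged because an independent product corroborated it; the single low-severity alert on the unrelated workstation is left alone. The point of the third rule is that corroboration across products is a stronger signal than either product on its own, which is exactly the signal the thread says went unused.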
Ao Li says
- Cybercriminals used malware to gain access to Target’s systems.
- The lack of timely detection allowed the attackers to go undetected for an extended period of time.
- An employee clicked on a simple phishing email sent by cybercriminals, resulting in the compromise of user credentials and subsequent unauthorized access to Target’s network.
- A vulnerability in a third-party service or software.
- Stolen data is not properly encrypted or protected.
Yifei Que says
(1) Technical vulnerabilities: Hackers exploit the technical vulnerabilities of target companies (such as Target), particularly their point of sale network (POS). These vulnerabilities allow hackers to invade the system, install malware (such as variants of BlackPOS), and thus capture and steal credit card information.
(2) Shortcomings in security measures: The target company may have deficiencies in network security and data protection, failing to detect and prevent such attacks in a timely manner. This may include failure to regularly update and patch system vulnerabilities, lack of effective intrusion detection systems, or insufficient security awareness training for employees.
(3) The concealment of malicious software: The malicious software used by hackers has a high degree of concealment and can evade the detection of traditional security software. This allows hackers to lurk in the system for a long time without being detected by the target company.
Jianan Wu says
The occurrence of this theft is the result of multiple factors working together. Firstly, the lack of awareness of network security is the fundamental cause of theft. Both enterprises and individuals should fully recognize the importance of network security and take corresponding protective measures. However, due to weak awareness of cybersecurity, potential risks are often overlooked, leaving opportunities for criminals to take advantage of.
Secondly, technological vulnerabilities and lack of protective measures are also important factors leading to theft. In today’s rapidly changing information technology, network attack methods are constantly emerging. However, some enterprises and individuals, due to technological limitations, fail to timely fix system vulnerabilities or fail to install effective protective software, making the system vulnerable to hacker intrusion.
Finally, the cunning and greed of criminals are also important reasons for theft to occur. They use their own technological means to constantly search for vulnerabilities in the network system and use them as a breakthrough point for theft. At the same time, in order to pursue more interests, they often resort to any means, even resorting to violent means, to achieve their goals.
In summary, the lack of awareness of network security, technological loopholes, and lack of protective measures, as well as the cunning and greed of criminals, collectively led to the occurrence of this theft.
Ruoyu Zhi says
(1) Target analyzed the continuously escalating alerts received and deemed it unnecessary to take any action. But because the system is new, Target’s experts still don’t fully trust it.
(2) There are still loopholes in Target’s security measures, which allow cybercriminals to discover and exploit vulnerabilities in Target’s infrastructure to obtain information.
(3) Fazio’s employees lack sufficient security awareness, leading to cybercriminals relaxing phishing emails and obtaining user codes and passwords.
Ruoyu Zhi says
For Target Company:
For the bottom line,
(1) In terms of image, it was severely criticized for failing to take action on the initial alert, delaying the disclosure of violations, and the inability of the customer service department to respond to customers. And for the first time, it scored negative in all consumer perception surveys.
(2) On the customer side, the cost of customer churn and default has affected quarterly and annual performance, far from meeting Wall Street’s goals. The difficulties brought about by the company’s expansion in Canada were a factor that led to the failure to achieve its goals.
(3) Target faces multiple lawsuits, each demanding millions of dollars in compensation.
For internal Target,
(1) Target announces the resignation of its Chief Information Officer
(2) The first step is to comprehensively reform its information security and compliance structure and practices.
(3) Step 2, announce the establishment of two key positions that will be recruited from external sources
For Target’s project,
(1) Implement a chip card and personal identification number payment (chip and PIN) system six months in advance.
For customers:
(1) If the card is cancelled and the cardholder has pending or recurring transactions, they must contact every relevant merchant. Canceling credit cards can also lead to further headaches.
(2) In addition to violating personal privacy, the resulting identity theft also forces victims to embark on a long and arduous process to defend their identity and prove to all parties that they have not committed any illegal acts.
Yihan Wang says
I believe the fundamental cause of this theft is the negligence of the staff. (From Target’s perspective, we do not consider the factor of customers being deceived by phishing emails.) When the detection system identified a risk, the company’s information security experts did not take the system alerts seriously. The theft method was traditional, and although the company was equipped with an expensive and top-tier detection system, the experts chose to ignore the alerts when they received them just because the system was new and they didn’t trust it, and they didn’t even double-check! As no company can reduce the risk to zero, we should be more cautious with system alerts and more vigilant about everything that happens.
The following materials are the basis for my response:
“Experts agree that the attack was perpetrated by cybercriminals who used a well-known strategy and what are in fact fairly conventional technological tools.
But even with this unauthorized access, Target was, in theory at least, shielded against such attacks. Indeed, six months earlier, it had invested the tidy sum of $1.6 million to implement an antimalware system called FireEye.”
Xinyue Zhang says
Despite Target’s extensive investment in cybersecurity measures, cybercriminals managed to steal a large amount of data through sophisticated technology, international teamwork, exploiting system vulnerabilities, and choosing peak times to carry out their attacks.
1. The cybercriminals demonstrated a high level of skill in bypassing Target’s multiple security safeguards, such as network segmentation, firewalls, malware detection, intrusion detection and prevention tools.
2. The attack may have been executed by international cybercrime teams that have the resources and skills to carry out large-scale data theft. The stolen data was transferred to servers in Moscow, suggesting the possible involvement of criminal groups in Russia and Ukraine.
3. Exploit security vulnerabilities: Attackers exploit vulnerabilities in Target’s security systems to trick employees into downloading and executing malicious code through phishing attacks. Once inside a system, malware can spread and collect large amounts of sensitive data.
Mengfan Guo says
This data breach occurred due to several factors. First, the hackers exploited remote access to Fazio Mechanical Services, a vendor of the target company, and obtained the vendor’s user codes and passwords by sending phishing emails. This allowed the hacker to remotely gain access to the target company’s network and, exploiting a flaw in the security measures, successfully gain access to the company’s payment system network, thereby installing malware. Second, the target company’s security software, FireEye, was able to detect suspicious activity, but because the system was new and lacked trust, the experts had turned off the feature to automatically eliminate software deemed “malicious” or “unauthorized”. In addition, the target company’s anti-virus system also detected suspicious activity on servers protected by FireEye, but this alert was also ignored. Finally, the experts at the target company did not do a better job in evaluating the received alerts, resulting in the attack not being stopped. Taken together, these factors contributed to the occurrence of this data breach.
Wenhan Zhao says
1. The combination of vulnerabilities in Target’s IT infrastructure.
2. The successful phishing attack because of a lack of vigilance among employees.
3. The failure to properly assess and respond to security alerts.
Luxiao Xue says
1. Vulnerability in the supply chain: cyber-criminals gained initial access by stealing the login credentials of an HVAC supplier who had remote access to Target’s network, which exploited a vulnerability in a supply chain to commit the crime.
2. Failed to properly configure and monitor security systems: The company invested $1.6 million in a malware detection system, but its security team missed the system’s warnings about suspicious activity and failed to act. In addition, they disabled some features that automatically remove malware, significantly increasing the risk.
3. Low security level: Once inside a vendor’s network through its credentials, cybercriminals are able to bypass other layers of security and move and access the network of payment systems connected to point-of-sale terminals.
4. Payment card security weaknesses: At the time, the payment card technology used by Target was outdated and did not use more secure chip and PIN. The malware can easily copy unencrypted card data from terminal memory during a transaction.
In general, it is mainly because of the above several factors that contributed to the occurrence of apology cases.
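The posts above describe the lateral path the thread keeps returning to: a vendor’s remote access lands in the general corporate network, and from there the payment-system network is reachable because segmentation was insufficient. The script below is an added example (not code from the original page, nor Target’s or any PCI DSS tooling) of a defender’s check that a zone-level firewall policy leaves no transitive path from an untrusted zone into the cardholder-data zone. The zone names and both policies are constructed assumptions; the check generalizes beyond the single vendor case by testing every untrusted zone against every protected zone.

```python
"""Segmentation check: does a zone-level firewall policy leave a transitive
path from an untrusted zone (e.g. a vendor remote-access segment) into the
cardholder-data / POS zone? Zone names and both policies are constructed
for this example; the check itself is an assumed good-practice control,
not Target's or PCI DSS's own tooling."""
from collections import deque

# Policy model: source zone -> ordered list of destination zones it may
# initiate connections to. Constructed example of a weak design in which
# vendor VPN traffic terminates in general corporate IT.
WEAK_POLICY = {
    "internet": ["vendor_portal"],
    "vendor_portal": ["corp_it"],                      # vendor lands in corp IT
    "corp_it": ["pos_mgmt", "hr", "store_lan"],
    "pos_mgmt": ["cardholder_data"],                   # update server pushes to POS
    "store_lan": ["cardholder_data"],
    "cardholder_data": [],
    "hr": [],
}

# Hardened variant: vendor access terminates in an isolated segment that
# reaches only the systems the vendor administers, and store LANs cannot
# initiate connections into the cardholder-data zone.
HARDENED_POLICY = {
    "internet": ["vendor_portal"],
    "vendor_portal": ["hvac_mgmt"],
    "hvac_mgmt": [],
    "corp_it": ["hr", "store_lan"],
    "pos_mgmt": ["cardholder_data"],
    "store_lan": [],
    "cardholder_data": [],
    "hr": [],
}


def find_path(policy, src, dst):
    """Breadth-first search over allowed flows; returns the zone path
    src -> ... -> dst, or None when dst is unreachable from src."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        zone = queue.popleft()
        if zone == dst:
            path = []
            while zone is not None:
                path.append(zone)
                zone = parent[zone]
            return path[::-1]
        for nxt in policy.get(zone, []):
            if nxt not in parent:
                parent[nxt] = zone
                queue.append(nxt)
    return None


def segmentation_violations(policy, untrusted, protected):
    """Return one path per (untrusted zone, protected zone) pair that the
    policy allows to be reached transitively. An empty list means the
    protected zones are isolated from every untrusted zone."""
    violations = []
    for u in untrusted:
        for p in protected:
            path = find_path(policy, u, p)
            if path:
                violations.append(path)
    return violations


if __name__ == "__main__":
    untrusted = ["internet", "vendor_portal"]
    protected = ["cardholder_data"]
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{name} policy:")
        for path in segmentation_violations(policy, untrusted, protected) or [["(isolated)"]]:
            print("   " + " -> ".join(path))
```

Against the weak policy the check reports the chain internet, vendor portal, corporate IT, POS management, cardholder data, which is the kind of multi-hop route a single rule review tends to miss because each hop looks reasonable on its own. Against the hardened policy it reports nothing, since vendor traffic can no longer leave its own management segment. Running this over the actual rule base after every firewall change is a cheap way to catch segmentation drift before an intruder does.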
Chaoyue Li says
Thefts cannot be separated from vulnerabilities in cybersecurity, and although the relevant parties provide protection for the network, it is clear after the thefts that the protection is still not comprehensive enough. In addition to cybersecurity, Target’s security system issued numerous alerts that were ignored by the security team, and security software was not used by the experts; if any of these factors had been taken into account, the results could have been different.
Fang Dong says
In Target’s case, the following factors contributed to the data breach:
1. Malware installation: Hackers successfully installed malware on Target’s point-of-sale terminals. The malware is a memory scraper capable of copying and saving raw, unencrypted data the moment a trading server stores it in memory. This malware is difficult to detect by commonly used intrusion detection software, and usually removes any traces left behind.
2. Exploit: Hackers took advantage of remote access to Fazio Mechanical Services, a Target vendor, and obtained user codes and passwords by sending phishing emails to the vendor’s employees. Using this information, hackers were able to gain remote access to Target’s network and exploit vulnerabilities in security measures to gain access to the company’s payment system network, paving the way for them to install malware.
3. Failure of security measures: Although Target has multiple layers of protection in place for cybersecurity, including segmentation, firewalls, malware detection software, intrusion detection software, etc., these measures did not prevent hackers from finding and exploiting vulnerabilities in Target’s IT infrastructure. In addition, Target’s security experts disabled the new system’s ability to automatically eliminate “malicious” or “unauthorized” software because they did not fully trust the system.
4. Missed alerts: Target’s security software, FireEye, sent out multiple alerts that were ignored by local teams. If experts had better assessed the alerts they received, the theft might have been prevented.
Yi Zheng says
The key factors include: the sophisticated technology and organization of cyber criminals, who took advantage of Target's security vulnerabilities and may have planted malware through phishing and other means; human error, such as staff misjudging phishing emails; and the ability of cyber criminals to exploit the security vulnerabilities of Target. Security system alerts were ignored and Target experts disabled certain features of the security software, failing to respond to advanced alerts from the FireEye system in a timely manner. Together, these factors allowed hackers to install BlackPOS malware on Target's systems and steal large amounts of sensitive data.
Baowei Guo says
The theft occurred mainly because cyber criminals took advantage of a weakness of Target, that is, they invaded Target’s network through the user code and password of its supplier Fazio Mechanical Services. Hackers obtained these credentials through phishing emails, and then used this information to access the payment system network, and installed malicious software on the point-of-sale terminal. This software is called BlackPOS, which is specially designed to copy credit card and debit card information in a short time when the data in the random access memory of the transaction processing server is unencrypted. Because this kind of malware is difficult to be found by conventional intrusion detection software, and it will remove traces, companies usually need to conduct in-depth investigation to find it after being invaded.
Yimo Wu says
Factors that allowed the theft included the vendor’s compromised remote access, failure to properly assess monitoring alerts, deactivation of security features due to lack of trust, and the use of known malware tactics difficult to detect.
Yuqing Yin says
1. The hackers used the remote access of Fazio Mechanical Services, a supplier of the target company, to obtain the supplier’s user code and password by sending phishing emails. This allowed hackers to remotely access the target company’s network and exploit vulnerabilities in security measures to successfully access the company’s payment system network, allowing them to install malware.
2. FireEye, the target company’s security software, was able to detect suspicious activity, but because the system was new and lacked trust, the experts turned off the feature that automatically removed software deemed “malicious” or “unauthorized.”
3. The target company’s antivirus system detected suspicious activity on servers protected by FireEye, but this alert was also ignored.
4. The target company’s experts did not better evaluate the received alerts, resulting in the attack not being stopped.
Zijian Tian says
The cause of this incident is multifaceted, which I’ll explain as internal and external factors.
Internal Factors:
1. Experts at Target Company were overly confident in their judgments, failing to promptly alert authorities after the incident and disabling the alert function of the new system.
2. Target Company’s endpoint security was low, neglecting security measures for front-end users of company products, allowing malicious software to infiltrate the company’s sensitive internal systems through external devices.
3. Target Company did not provide cybersecurity education to internal employees and failed to implement network isolation and protection for external sources such as emails.
4. The IT department failed to communicate information promptly to other relevant security departments.
External Factors:
1. Hackers targeting Target Company executed a well-organized attack plan with sophisticated intrusion techniques, indicating an organized criminal group. Additionally, their network attack technology was advanced, utilizing undiscovered techniques.
2. The hacker organization strategically chose the pre-Christmas Black Friday, a period when businesses focus on managing order pressures, potentially relaxing their network security defenses.
Ziyi Wan says
The Target data breach occurred due to several factors. First, the hackers exploited the remote access of Fazio Mechanical Services, a vendor, to obtain its user codes and passwords by sending phishing emails to the company’s employees. This allowed the hackers to gain remote access to Target’s network and, taking advantage of vulnerabilities in security measures, successfully accessed the company’s payment system network, allowing them to install malware. Second, although Target has multiple layers of protection in place for the security of its IT infrastructure, including segmentation, firewalls, malware detection software, intrusion detection software, and data loss prevention tools, these measures have not prevented hackers from finding and exploiting vulnerabilities in Target’s IT infrastructure. In addition, Target’s security experts did not react appropriately when they received an alert from the monitoring system, resulting in the attack not being stopped. Finally, Target’s security software itself has the ability to automatically remove software deemed “malicious” or “unauthorized,” but because the system is new and not yet fully trusted, Target’s experts have disabled this feature. Therefore, these factors together led to the occurrence of the Target data breach.
Weifan Qiao says
The malicious software used by cybercriminals is very complex and difficult to defend against. The most important thing is that advanced malware detection systems such as FireEye had issued several advanced alerts since November 30th, but Target’s security team ignored these warnings because, distrusting the system, they had disabled the system’s automatic malware removal function, resulting in hackers ultimately installing BlackPOS malware on POS terminals.
Kang Shao says
Target invests a lot of money and technology in cybersecurity, but hackers are constantly using new methods and techniques to steal huge amounts of data.
In actual cases, cybercriminals have demonstrated a high degree of professionalism and skilled technology. In addition to the ability to perform accurate analysis of security systems, these criminals use highly strategic means including segmented detection, echelon intrusion and other means to steal data and destroy traces in a timely manner.
However, it is worth reviewing the serious failure of Target’s staff and experts responsible for information security. Since November 30, they have been receiving escalating alerts, and advanced malware detection systems such as FireEye have issued several advanced alerts that have been ignored by security teams. This serious dereliction of duty directly led to the successful installation of malware by cybercriminals.
Yucheng Hou says
The occurrence of this theft case is not caused by a single factor, but the complex result of multiple factors.
First and foremost is the cunning and greed of criminals, who use technology to successfully evade security detection and lurk in the system for a long time, waiting for the opportunity. In addition, the existence of technical vulnerabilities has become an opening for hackers to launch attacks on the technical weaknesses of target companies, such as point-of-sale networks (POS), by installing malware such as BlackPOS variants, which can easily capture and steal credit card information.
However, inadequate security measures are also the cause of this incident. System vulnerabilities were not patched in time, intrusion detection systems were not functioning, and even security teams ignored suspicious activity warnings from systems, or even actively disabled the automatic removal of malware, which certainly increased the risk. At the same time, the low level of security also provides convenience for hackers, who once they enter the network through illegal means, they can easily bypass other security layers and directly access the payment system network.
Finally, the weak security of payment cards also foreshadowed the incident. At the time, the payment card technology used by Target was outdated and failed to adopt more secure chip and PIN technology, allowing malware to easily copy unencrypted card data during transactions.
Jingyu Jiang says
The theft occurred for several factors: 1. The team of hackers that targeted Target’s network infrastructure has the complex skills and expertise to exploit security vulnerabilities in the target company. 2. Employees of Fazio Mechanical Services, Target’s supplier, leaked their user code and password after receiving a phishing email, allowing hackers to remotely access Target’s network. 3. Target’s security software, FireEye, shut down the ability to automatically remove software considered “malicious” or “unauthorized” shortly after the system was newly established, allowing hackers to successfully install malware software. 4. Target’s security team failed to take timely action after receiving the alert, allowing the hackers to attack before the data was transferred. In summary, the theft occurred because the hacker team took advantage of the Target vendor vulnerability, the shutdown of security software and the factors of the security team’s failure to act in time.
Yi Zheng says
Target failed to take action on multiple security alerts, resulting in theft. Although Target has advanced malware detection system FireEye, the security team ignored these warnings. In addition, Target has disabled FireEye’s automatic malware removal function, further weakening defense. The failure to respond to security alerts internally is a key factor in the occurrence of theft.
Target’s experts overlooked timely alerts, which may have been a factor in theft. Target has publicly acknowledged receiving alerts since November 30th and has been analyzed by local teams, believing that no action is needed. Security software itself can automatically clear software that is deemed “malicious” or “unauthorized”, but Target’s experts have disabled this feature because they do not fully trust this new system. The additional alerts issued by Target’s own antivirus system were also ignored, resulting in data theft in the end.
The reasons for theft are multifaceted. Firstly, cybercriminals exhibit a high degree of complexity and technical skills. They are able to create malware and bypass the strong security measures implemented by Target, including segmentation, firewalls, malware detection software, intrusion detection software, and prevention tools. Secondly, the attack may have been carried out by an international organized criminal group. This gives them the necessary resources and skills to carry out such large-scale data theft. The stolen data was ultimately transferred to servers in Moscow, indicating the involvement of criminal gangs involved in Russia and Ukraine, which have been identified as centers for data theft and sales over the past decade. Thirdly, the attack exploited a vulnerability in the Target system, allowing malicious software to be introduced. This may be achieved through various means, such as phishing attacks, luring employees to download and execute malicious code. Once in the system, malicious software can spread and collect a large amount of sensitive data. Finally, the attack occurred during busy shopping periods, such as the holiday season. This increases the volume of transactions and data flowing through the Target system, providing a larger information pool for cybercriminals. The combination of these factors enabled successful theft, despite Target investing in cybersecurity measures.
(1) Although Target has powerful security measures, including multiple layers of protection, and complies with international standards such as PCI DSS, its IT infrastructure has vulnerabilities that can be exploited by attackers. (2) Human error has played an important role; an employee of Fazio Mechanical Services directly caused unauthorized access to the Target network due to phishing emails. (3) After the detection system issued the highest level alarm, the company team did not take action. (4) Target experts have disabled the antivirus function of security software.
Ao Zhou says
1 Immediate response
Ballard promptly attempted to reach Dean Rao by phone, but was unsuccessful. While quick action is important, the lack of communication necessitates exploring alternative means of contact without delay.
2 Email correspondence
Ballard sent an email to verify Rao’s safety and received confirmation that he was safe and in contact with the police. This exchange ensured the physical well-being of the senior member and provided information to law enforcement authorities.
As previously mentioned, the malicious software utilized by cybercriminals is highly sophisticated and challenging to defend against. Furthermore, despite more than 30 advanced malware detection systems, such as FireEye, issuing over 30 advanced alerts regarding the target security system since November, they were disregarded due to the suspect being disabled on the system for automatic removal of malware features. This oversight could have allowed hackers to install malware in critical locations, leading to potential BlackPOS
Ao Zhou says
There are several reasons for similar retail theft. First, cybercriminals are highly sophisticated and technically specialized. They can develop malware to prevent effective security measures such as decoding tools, firewalls, malware detection tools, and protection.
Second, it is highly likely that the attack was launched by an international cybercriminal organization with the ability to steal large-scale data resources and resources. So the leaked material was transferred to servers in Moscow, linked to a criminal group in Russia and Ukraine.
Third, the target allows users to exploit security vulnerabilities to access the system. This can be done in a number of ways. For example, by allowing employees to download information and execute hazardous codes, they can transmit hazardous information and collect large amounts of confidential information when they enter the system.
Terrorist attacks occur when people are online in large numbers during the holiday season, such as expanding the range of information, expanding the opportunities for criminals to go online, etc.
Yifan Yang says
The reasons for the attack on Target: the experts were too confident, did not alert the police in time and disabled the alarm function of the new system; Low endpoint security, ignoring the security measures of the front-end users of the product, resulting in malware penetrating sensitive internal systems through external devices; Failure to educate internal employees on network security and to implement network isolation and protection; The IT department does not communicate with other security departments. In addition, the hackers orchestrated the attack plan, using advanced technology, indicating organized criminal gangs; The hackers chose to attack on Black Friday, before Christmas, when businesses are busy dealing with order pressure, potentially loosening cybersecurity defenses.
Yahan Dai says
The main reason for this theft case is not only the cunning of the hackers, but also the negligence of the Target team. In fact, this theft can be prevented.
Target invested $1.6 million six months ago to implement an anti malware system called FireEye. Its working principle is to create virtual rooms that attract hackers to detect them before they successfully penetrate the protected system. There will be a team of experts working day and night to monitor the results of these monitoring activities, and if any suspicious behavior is found, the team of Target Security Operations Center will be notified.
However, even though Target has received continuously escalating alerts since November 30th, its security team has analyzed and deemed it unnecessary to take any action. In addition, the ability of security software to automatically eradicate software that is considered “malicious” or “unauthorized” has also been disabled by Target’s experts because the system is new and cannot be fully trusted. At the end of November, even Target’s own antivirus system detected suspicious activity on servers protected by FireEye, and this additional alert was ignored by Target, ultimately leading to the accident.