Sunday, 16 March 2014

How Target detected hack but failed to act...

By Lance Whitney

The November data breach that affected as many as 110 million Target customers could have been stopped in its tracks, according to a story published Thursday by Bloomberg.
Speaking with more than ten former Target employees and eight people with knowledge of the hack, Bloomberg said that Target already had in place a sophisticated malware detection system designed by security firm FireEye. The $1.6 million system was set up specifically to identify hacks and cyberattacks before they had a chance to do real damage.

Highlighting the ingenuity of FireEye's detection system, Bloomberg explained that it creates a parallel network on virtual machines. As such, the hackers are led to believe they're actually breaking into the real thing, thus exposing their attack methods and other breadcrumbs without jeopardizing the true network, at least not initially.
A team of security professionals was set up in Bangalore to monitor Target's network servers and alert security operators in Minneapolis to any detected malware. This process worked as expected during the November hack: after detecting the intrusion, the people in Bangalore alerted the people in Minneapolis. But that's where the ball got dropped, according to Bloomberg. The hack continued on its merry way.

Why was the hack successful despite all the warning signs? Bloomberg's sources pointed to a few reasons.
The FireEye system could have been programmed to automatically remove the malware upon detection. But that option was turned off, requiring someone to manually delete it. That's not unusual, according to one security officer interviewed by Bloomberg who explained that security professionals typically want that decision to be in their hands. But that means the security team must act quickly enough.

Two people "familiar with Target's security operations" also told Bloomberg that the company's security people may have viewed FireEye's system with some skepticism at the time of the hack. Testing of the system had only been completed in May, leading to its initial rollout. Moreover, the manager of Target's security operations center, Brian Bobo, had left the company in October, with no replacement hired to manage things.
Ultimately, though, the alerts from FireEye and from Target's Symantec Endpoint Protection system should have driven Target's security people to stop the hack before it spread.

"The malware utilized is absolutely unsophisticated and uninteresting," Jim Walter, director of threat intelligence operations at McAfee, told Bloomberg. "If Target had had a firm grasp on its network security environment, they absolutely would have observed this behavior occurring on its network."

