
Network security part 2: how a monolithic network opened the door to target data

Cradlepoint


On Thursday, Dec. 19, 2013, Target revealed that data from 40 million of its customers’ credit and debit card accounts had been accessed by hackers. I’d like to discuss how and why this happened. But before I do, I want to make it clear that I’m not singling out Target as having done anything wrong. I’m using what happened to them simply to illustrate the kind of situation many companies are facing—even those with very good security systems and personnel.

In terms of its significance to an entire industry, the data breach at Target (like those at Neiman Marcus, Sally Beauty, etc.; see “World’s Greatest Data Breaches”) is to retail networking what Hurricane Katrina was to the insurance industry: a once-in-a-hundred-years event that motivates an industry to take a new look at how it does business. And this was an expensive event: retail industry experts say the cost of the Target breach will be somewhere between $500,000,000 and $1,000,000,000.

The crux of the issue is that, in the words of another industry expert, Target “did not do enough to wall off its payment systems from the rest of its network.” As I said in Part 1, network segmentation is not an easy thing to accomplish—even with a crack security team. Exactly how hackers used this “Achilles’ heel” to access Target’s POS network is very instructive.

It all began with a phishing attack, an email fraud method in which the hacker sends out a legitimate-looking mass email in an attempt to get people to disclose personal and financial information. Once attackers have had time to comb through the list of people who have “bitten” on the email scam, they choose their first victim. (See https://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/)

Once the hackers identified the HVAC company, they stole its network access credentials and used them to gain access to the Target network.

From there, the hackers used a technique that’s commonly talked about among penetration testers called a “pivot.” Once the hacker gains access, they scan the network and look for vulnerable entry points into other systems. They find one vulnerable system and compromise it. Once on that network, they search for other vulnerable entry points into other networks, and so the cycle goes until they reach something of value. Having gained entry via the HVAC system, the hackers were able to maneuver around the internal network until they got onto the vendor EDI network. From there they reached the POS network and used a customized version of BlackPOS to scrape memory on Target’s POS systems.
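The pivot chain above is, in the end, a reachability question over whatever flows the network permits. The following is an added example, not part of the original post, that models the zones described (vendor access, internal network, EDI, POS) as a constructed, hypothetical firewall policy and checks whether a foothold in the vendor zone can still reach POS; the zone names and both policies are assumptions for illustration.

```python
"""Reachability check for a monolithic vs. segmented network (added illustration)."""
from collections import deque

# Constructed sample: each zone maps to the zones its policy allows it to initiate
# connections to. The "monolithic" policy mirrors the narrative: vendor access
# lands on the internal network, which can talk to EDI, which can talk to POS.
MONOLITHIC_POLICY = {
    "internet": {"vendor_portal"},
    "vendor_portal": {"corp"},
    "corp": {"vendor_portal", "edi"},
    "edi": {"corp", "pos"},
    "pos": {"edi"},
}

# Segmented: the vendor zone reaches only EDI, and nothing initiates toward POS
# except the POS zone itself; EDI and corp cannot open flows into POS.
SEGMENTED_POLICY = {
    "internet": {"vendor_portal"},
    "vendor_portal": {"edi"},
    "corp": {"edi"},
    "edi": set(),
    "pos": set(),
}


def reachable(policy, start):
    """Breadth-first search over permitted flows; returns a path to every zone reachable from start."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in sorted(policy.get(zone, ())):  # sorted for deterministic paths
            if nxt not in paths:
                paths[nxt] = paths[zone] + [nxt]
                queue.append(nxt)
    return paths


def pivot_path(policy, start, target):
    """The hop-by-hop path a pivot could follow, or None if the policy blocks it."""
    return reachable(policy, start).get(target)


def segmentation_violations(policy, untrusted, protected):
    """(untrusted zone, protected zone, path) triples where isolation fails."""
    return [(u, p, path) for u in untrusted
            for p, path in reachable(policy, u).items() if p in protected]


if __name__ == "__main__":
    for name, policy in (("monolithic", MONOLITHIC_POLICY), ("segmented", SEGMENTED_POLICY)):
        print(name, pivot_path(policy, "vendor_portal", "pos"))
```

Run the check against an exported rule base rather than a hand-written dict and it becomes a regression test for the segmentation boundary the post argues for.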

It is useful to point out that the piece of malware the hackers used to gain entry has been around for quite a while. If hackers can use existing tools to breach a well-protected network like this, then we as IT professionals need to accept the fact that there may be no perfect prevention, no perfect firewall, no perfect antivirus. If we want to do a better job of protecting our networks, we need to consider other approaches.

In my next post, I’ll talk about how parallel networking represents one such promising new direction in network security.

For more background information on the Target data breach, see Brian Krebs’ “KrebsOnSecurity”, and FierceIT Security’s “HVAC Vendor to Blame for Target Breach.”

Cradlepoint Network Security Series:

Part 1: Is Your Company Depending on a Monolithic Network?
Part 3: What are Parallel Networks and How are they Used?
