![]() ![]() #Krebs group ransomwhere installBut the attackers would have been unable to install the malware if Target had employed proper network segmentation practices in the first place, Brazil said. The only really sophisticated component of the attack appears to have been the malware used to intercept and steal payment card data from Target's POS systems. ![]() But the fact that attackers were apparently able to leverage their third-party access to reach Target's payment systems suggests those practices were improperly implemented - at best, he said. It was Target's responsibility to ensure that those practices were followed, Brazil said. Even the Payment Card Industry Data Security Standard, which companies like Target are required to follow, specifies network segmentation as a way to protect sensitive cardholder data. Several mature processes and practices currently exist for securing third-party access to enterprise networks, Brazil said. "Target chose to allow a third party access to its network," but failed to properly secure that access, Brazil said.Įven if Target had a valid reason for giving Fazio access, the retailer should have segmented its network to ensure that Fazio and other third parties had no access to its payment systems. "There's nothing fancy about the breach," Brazil said. Indeed, in testimony before Congress this week, Target executives defended the company's security practices and maintained that the breach was hard to avoid because of its sophisticated nature.īut Krebs suggests that the cause was much more mundane and wholly preventable, said Jody Brazil, founder and CTO at security vendor FireMon. On Wednesday afternoon, the company's site appeared to be offline, though it was not immediately clear whether that had anything to do with Krebs' report.Įver since Target first disclosed the data breach in December, the company has portrayed itself as the victim of an especially sophisticated cyber heist. Fazio did not immediately respond to a Computerworld request for comment. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |