Welcome!

News Feed Item

Cybersecurity Firm Reveals Step-by-Step Review of Infamous 2013 Target Attack

Aorato Releases New Research Report that Identifies the Untold Story of the 2013 Target Attack

TEL AVIV, Israel, August 28, 2014 /PRNewswire/ --

In December 2013, Target announced one of the retail industry's largest breaches, impacting 70 million customers and totaling 40M credit cards stolen. The financial damages to Target currently stand at $148M, and according to analyst forecasts are estimated to reach $1B. Today, cybersecurity firm, Aorato, released "The Untold Story the Target Attack; Step-by-Step" report, which carefully analyzes the publicly available report on the Target breach to provide a comprehensive view of the full Target story, while also highlighting pertinent insights into Tactics, Techniques and Procedures (TTPs) of the attackers.  While much of the attack was made public, there are still key questions that have not been answered - until now.  

"The Target Attack of 2013 is one of the most discussed and studied attacks of our time. Unfortunately, despite the flurry of public attention to the incident, key questions are still left unanswered, leaving many retailers, hoping to mitigate these issues for the future, in the dark," said Tal Be'ery, VP Research at Aorato. "Specifically, how did the attackers reach into the heart of Target's network, the POS (Point-of-Sale) system from their initial penetration point? Second, how were 70M users' "Personally Identifiable Information" (PII) exposed? Aorato's newest report uncovers the answers to these looming industry questions."

Generally speaking, the Target attackers largely followed the general APT "kill chain" attack model. However, the Target attack presents unique nuances to the model. These nuances stem from the fact that operations aiming to steal credit cards are inherently different from classic APT operations aimed at intelligence gathering and infrastructure sabotage.  The main difference is that credit card-oriented attacks are bound to be revealed in a relatively short time as the monetization path of the attackers must include massive usage of the stolen credit cards that will get detected by the credit cards vendor's fraud departments.

Main Recommendations to Retailers Storing Credit Card Information:

  • Place security and behavioral monitoring controls around Active Directory as it is involved in nearly all stages of the attack
  • Monitor and profile access patterns to systems to identify abnormal and rogue access patterns
  • Monitor for signs of reconnaissance and information gathering. Pay special attention to excessive and abnormal LDAP queries
  • Don't rely on Anti-Malware solutions as a primary mitigation measure since attackers mostly leverage legitimate IT tools
  • Invest in PCI-Compliance
  • Participate in Retail Information Sharing and Analysis Center (R-ISAC) and Retail Cyber Intelligence Sharing Center (R-CISC) groups to gain valuable intelligence on retail attackers' Tactics, Techniques and Procedures (TTPs)

To read more about this report, read here: http://www.aorato.com/blog/untold-story-target-attack-step-step/

To learn more about Aorato, please visit: http://www.aorato.com

About Aorato  

Aorato protects organizations from advanced attacks. Recognizing Active Directory's pivotal role in the network, Aorato's flagship product, DAFTM, automatically learns the behaviors of all entities engaging directly, or indirectly, with Active Directory. By profiling the entities, DAFTM builds an interaction graph between all entities in order to detect in real-time suspicious entity behavior. Aorato is backed by strategic investors, including Eric Schmidt (Innovation Endeavors), Accel Partners, and the founders of Imperva and Trusteer.

Contact
Idan Plotnik
+1(866)-978-0277
[email protected]

SOURCE Aorato

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
“RackN is a software company and we take how a hybrid infrastructure scenario, which consists of clouds, virtualization, traditional data center technologies - how to make them all work together seamlessly from an operational perspective,” stated Dan Choquette, Founder of RackN, in this SYS-CON.tv interview at @DevOpsSummit at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
@DevOpsSummit taking place June 6-8, 2017 at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @DevOpsSummit at Cloud Expo New York Call for Papers is now open.
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togeth...
"Avere Systems is a hybrid cloud solution provider. We have customers that want to use cloud storage and we have customers that want to take advantage of cloud compute," explained Rebecca Thompson, VP of Marketing at Avere Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Dataloop.IO, an innovator in cloud IT-monitoring whose products help organizations save time and money, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Dataloop.IO is an emerging software company on the cutting edge of major IT-infrastructure trends including cloud computing and microservices. The company, founded in the UK but now based in San Fran...
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in Embedded and IoT solutions, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 7-9, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and E...
The unique combination of Amazon Web Services and Cloud Raxak, a Gartner Cool Vendor in IT Automation, provides a seamless and cost-effective way of securely moving on-premise IT workloads to Amazon Web Services. Any enterprise can now leverage the cloud, manage risk, and maintain continuous security compliance. Forrester's analysis shows that enterprises need automated security to lower security risk and decrease IT operational costs. Through the seamless integration into Amazon Web Services, ...
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
In his session at DevOps Summit, Tapabrata Pal, Director of Enterprise Architecture at Capital One, will tell a story about how Capital One has embraced Agile and DevOps Security practices across the Enterprise – driven by Enterprise Architecture; bringing in Development, Operations and Information Security organizations together. Capital Ones DevOpsSec practice is based upon three "pillars" – Shift-Left, Automate Everything, Dashboard Everything. Within about three years, from 100% waterfall, C...