Are you the next Target?

Those of you who are now numb to the never-ending stream of news about IT security breaches, and credit card data exfiltrations in particular, may have forgotten that the US retailer Target suffered a breach and credit card exfiltration back in late 2013, resulting in circa 40 million credit/debit card accounts being stolen.

A recent review of Target's full-year earnings report for 2014 shows that breach-related expenses during 2013 & 2014 totalled $162 million, which would have been some $45 million higher ($207 million total) if it were not for a Cyber Insurance claim (a whole Blog area in itself!). Legal action is destined to push this figure higher still; even so, it is a very painful example of the true cost of IT security breaches.

This particular attack was instigated via a 3rd party refrigeration, heating & air conditioning supplier that had remote access to the Target infrastructure. The login details allocated to the 3rd party service company were compromised and used to access the Target IT infrastructure, and its Point of Sale terminals in particular. Malware was then uploaded to capture the debit & credit card information, before the data was exfiltrated to a number of other external systems which had also been compromised, allowing the attacker to safely obtain the stolen information.

This attack shows two things in particular. Firstly, attackers are human and by default will look for the easiest way to access a particular victim's infrastructure. Secondly, remote access needs additional security thinking in terms of how any 3rd party, and even employees, access corporate IT assets.

Ballintrae have partnered with Promon to assist with application protection, and may very well have been able to prevent the Target exploitation, as Promon provides an Application Shielding solution that protects each application from any malware attack originating from the device it is being run on. In the case of Target, the 3rd party in question should have been secured by providing them with remote desktop access via a Promon-shielded set of applications to enable the virtual desktop to run on the 3rd party's host machine. With a full Promon shield, the remote access session is completely protected from any malware on the host machine, and hence the payload that was used in Target's case would have been prevented from being uploaded.

If you are concerned about 3rd party, or even employee, access to your IT estate and hence your data, then Contact Us so that we can help you.
