Slide 1: The Target Breach: Friends Don't Let Friends Get Hacked
http://securityintelligence.com/target-breach-protect-against-similar-attacks-retailers/

Slide 2: Breach High-Level
Timeline: November, December
  • Access to Vendor Purchasing Portal
  • Data Exfiltration to Remote Site
  • Credentials Lifted
  • Planting of POS Malware
  • Remote Downloading
  • HVAC Vendor Phished

Slide 3: Anatomy of Phishing and Credential Theft
  • Research: Study social media: Facebook, LinkedIn, Instagram, Twitter
  • Phishing: Craft targeted email with malware on website link. Send to target(s).
  • Malware/Exploit: One or more recipients clicks link(s) and/or downloads file

Slide 4: Compromise Network
  • Exploit Portal
  • Easily found Vendor Portals for National Labs
  • VPN Network Breach
  • Remote Access with Multi-Factor Vendor Portal
  • Vendor Portal

Slide 5: Plant Malware
  • Sample Memory Search
  • Commodity Malware
  • Malware Commonly Available on Internet
  • Customizable Search Memory
  • Black POS

Slide 6: Exfiltrate Data
  • Criminals Retrieve from External Servers
  • Package Data to Internal Server
  • Copy to Internal Windows Server
  • Drop on External Server
  • Retrieve from External Server
  • Job Transfers Compressed Card Data on Schedule

Slide 7: What can be done to Stop this?
Timeline: November, December
  • HVAC Vendor Phished
  • Access to Vendor Purchasing Portal
  • Data Exfiltration to Remote Site
  • Credentials Lifted
  • Planting of POS Malware
  • Remote Downloading
Controls:
  • Block Malware
  • Educate Vendors
  • VPN Token
  • Protect Systems
  • Third Party Monitoring
  • Block Egress

Slide 8:
  • Implement Proper Security Controls
  • Educate Associates
  • Partner with your Vendors

Target breach deck 2014 - Delivered to the World's Largest Retailer and Fourth Largest Website
