Target breach deck 2014 - Delivered to the World's Largest Retailer and Fourth Largest Website
1. The Target Breach: Friends Don't Let Friends Get Hacked
http://securityintelligence.com/target-breach-protect-against-similar-attacks-retailers/
2. Breach High-Level
Timeline: November to December
HVAC Vendor Phished
Credentials Lifted
Access to Vendor Purchasing Portal
Planting of POS Malware
Data Exfiltration to Remote Site
Remote Downloading
3. Anatomy of Phishing and Credential Theft
Research: Study social media: Facebook, LinkedIn, Instagram, Twitter
Phishing: Craft targeted email with malware on website link. Send to target(s).
Malware/Exploit: One or more recipients click link(s) and/or download file
5. Plant Malware
Commodity Malware: Malware Commonly Available on Internet
Customizable: Black POS
Search Memory: Sample Memory Search
6. Exfiltrate Data
Package Data to Internal Server: Copy to Internal Windows Server
Drop on External Server: Job Transfers Compressed Card Data on Schedule
Retrieve from External Server: Criminals Retrieve from External Servers
7. What can be done to Stop this?
Timeline: November to December
HVAC Vendor Phished
Credentials Lifted
Access to Vendor Purchasing Portal
Planting of POS Malware
Data Exfiltration to Remote Site
Remote Downloading
Countermeasures:
Block Malware
Educate Vendors
VPN Token
Protect Systems
Third Party Monitoring
Block Egress