- May 1, 2020
Target Cyber Attack
The cyber security attack on Target goes down as one of the worst hacks of a retail store in the United States. Hackers who were believed to be in Moscow hacked the security system the company had implemented against malicious malware. They accessed and extracted customers’ information from credit cards used in purchasing items in the stores (Weiss & Miller, 2015). The company’s security department was criticized for failing to act on the red flags raised by FireEye, which the company had contracted to check for malicious viruses in its systems.
The problem was exacerbated because most of the clients were making impulse purchases for Christmas gifts. Upon swiping their credit cards, the malware would record the details and send them to a hacked server, which then relayed them to the hackers (Weiss & Miller, 2015). The card details were later sold on the black market, resulting in losses amounting to millions of dollars. Most of the clients and banks believed that the company exhibited laxity in dealing with the issue, and more than 144 cases were launched against the management.
Fundamental Challenges that Organizations Face in General in Regard to Protecting Organizational Assets and Information
Companies face various challenges while securing their information and resources. First, most of the data that clients save can be used on different platforms. For example, the information contained in credit cards can be used in a number of transactions that require making immediate payments (Gyenes, 2013). Therefore, the details of the consumers and their financial information can be accessed at different terminals. Such data is sensitive for companies since it attracts parties with ill motives who seek to extract it and exploit the clients. For example, the hackers knew that by targeting clients at the retail stores, they could access their banks through the stolen passwords.
Secondly, information technology is growing rapidly, and most companies struggle to keep up with the developments. According to Gyenes (2013), the security systems put in place must be regularly updated and new features introduced in them to keep the hackers away. The increased number of cybercrimes forces organizations to spend fortunes every year on purchasing counter software and investigating suspected attacks (Tipton & Choi, 2014). To maintain the consumers’ loyalty, it is necessary to incur such costs. The information departments are also required to keep pace with the hackers’ ingenuity. For example, the hackers who targeted the consumers used different types of malware that were not considered dangerous by the security department.
Additionally, the amount of data being stored is growing rapidly. It is estimated that the information stored digitally is growing at 45% per annum (Gyenes, 2013). Unfortunately, most vendors use the store-all approach. Although this enables consumers to access their records over time, it gives hackers an opportunity to dig for all the information they require for criminal purposes. Organizations, therefore, are on high alert to avoid exposing unnecessary information regarding their clients that can be used as a link to their financial records.
The Red Flag(s) that Target Overlooked or Ignored before the Retail Attack
The company had received information on the attack well before it yielded any damage to the consumers and the reputation of the business. The management had invested $1.6 million in FireEye, and the move was prudent since the service provider identified the malware attacks on the system (McMullen et al., 2016). FireEye alerted the company on 30th November and 2nd December 2013 of an attack perpetrated using script kiddies that contained the passwords and usernames for the servers that were used to transfer the data.
The company’s IT department had the capacity to address the problem immediately, but it was ignored. The inaction was attributed to the failure of the company to turn on its malware reaction system despite having the required infrastructure. As observed from the report given by the Department of Justice, the system has an option to delete malware automatically once it is detected (McMullen et al., 2016). Target was also certified by the PCI to accept credit cards from consumers. Additionally, as a move towards security best practice, the company had engaged FireEye, an internationally recognized cyber security service provider. The technical team, therefore, had a top-notch infrastructure to thwart any form of attack.
However, the employees had turned the function off. On 12th December the law enforcement agencies notified Target of a suspected attack on its systems, and this instigated an internal inquiry that revealed the laxity the enterprise had fallen into. Since the first malware attack was flagged on 30th November, the company acted for the first time on 12th December 2013, and this gave the hackers ample time to carry out their activities without being interrupted. The interval between the alerts and the response shows that the company had a weak monitoring and response strategy. Even if they could have ignored the first alert, an effective approach would have raised their concern, and they would have launched investigations and stopped the attack early.
After scrubbing through the computer logs, the investigators found that FireEye had sent two alerts, on November 30th and 2nd December, when the second iteration of the malware was installed by the hackers (McMullen et al., 2016). Further examination by the internal team also revealed that the company’s Symantec Endpoint antivirus system had given an alert on the presence of suspicious behavior. However, the employees had not recognized it.
A report given to the Senate also revealed that the company had overlooked the susceptibility it put itself into by giving a third party access to its network. The refrigeration provider had access to Target’s system, and this enabled the hackers to use the third party as a route to the company’s data (Jul, 2015). The malware retrieved the access code of the unsuspecting vendor and gained access to the 1,397 stores across the country.
Although the security IT department was castigated for failing to take action, I believe there are several reasons to explain their behavior. First, the malware that was used embedded the company’s username “Best1-user.” Since this was used to log into the shared drive in the network, the employees were not prompted to take immediate action (McMullen et al., 2016). However, the investigation revealed that the virus had installed itself as a form of service labeled “BladeLogic,” which is also used by the company’s IT department.
Additionally, the originators of the products used by the hackers, that is, Microsoft and BMC, are legitimate, and this was seen as a move to convince them that the access was done by an insider and delay the action of the technicians. According to McMullen et al. (2016), the hackers had dug up information regarding the company’s IT infrastructure and used similarities to avoid raising immediate suspicion. These reasons may explain why the team was reluctant to act on the alerts given by FireEye. However, it should not be construed that they were justified in ignoring the multiple alerts from FireEye.
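The alert-handling failures described in this section (two FireEye alerts days apart, a malware service named like a legitimate admin tool and running as a known account, and automatic remediation switched off) can be modelled as a small triage policy. The following Python is an added example, not code from the original essay or from Target or FireEye; the host name is hypothetical, while the alert dates and the names are the ones the essay cites.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Alert:
    source: str      # product that raised it, e.g. "FireEye"
    seen: datetime   # when it fired
    host: str        # server it fired on (hypothetical name below)
    process: str     # name the malware registered its service under
    account: str     # account the service ran as

@dataclass
class Policy:
    auto_remediate: bool      # the automatic-deletion option the essay says was turned off
    trusted_names: frozenset  # admin tools and accounts an analyst might wave through
    repeat_window: timedelta = timedelta(days=7)

def triage(alerts, policy):
    """Decide an action per alert. A repeat on the same host escalates however legitimate the
    names look; a look-alike name alone only downgrades to 'verify', never to 'ignore'."""
    decisions, history = [], {}
    for a in sorted(alerts, key=lambda x: x.seen):
        prior = history.setdefault(a.host, [])
        repeats = sum(1 for t in prior if a.seen - t <= policy.repeat_window)
        prior.append(a.seen)
        looks_legit = a.process in policy.trusted_names or a.account in policy.trusted_names
        if policy.auto_remediate:
            action, why = "quarantine", "automatic remediation enabled"
        elif repeats:
            action, why = "escalate", f"{repeats + 1} alerts on {a.host} within {policy.repeat_window.days} days"
        elif looks_legit:
            action, why = "verify", "matches a trusted name; check change records before closing"
        else:
            action, why = "investigate", "unrecognised process"
        decisions.append((a.source, a.seen.date().isoformat(), action, why))
    return decisions

def dwell_days(alerts, first_response):
    """Days between the earliest alert and the first response action."""
    return (first_response - min(a.seen for a in alerts)).days

# Constructed sample: the two FireEye alert dates and the names the essay cites, on a hypothetical host.
SAMPLE_ALERTS = [
    Alert("FireEye", datetime(2013, 11, 30), "srv-example-01", "BladeLogic", "Best1-user"),
    Alert("FireEye", datetime(2013, 12, 2), "srv-example-01", "BladeLogic", "Best1-user"),
]
TRUSTED = frozenset({"BladeLogic", "Best1-user"})
FIRST_RESPONSE = datetime(2013, 12, 12)  # date the essay gives for Target's first action
```

Running `triage(SAMPLE_ALERTS, Policy(False, TRUSTED))` shows the first alert downgraded to "verify" because of the look-alike names and the second escalated as a repeat, while `dwell_days` gives the 12-day gap the essay describes.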
The Main Actions that Target took after the Breach occurred and their Efficiency
Target was criticized for keeping its clients in the dark about the whole episode and taking a long time before apologizing and responding to claims. As a counter measure to the hacking, the management ordered an internal investigation to determine the damage to the system. It was during the preliminary findings that a series of alerts was found to have been sent by different stakeholders. This enabled the management to hold certain individuals in the department accountable for overlooking and ignoring the threat (Mayle, 2014). Although the action was meant to earn public trust and rebuild the business image, its proactive nature may not be helpful in another cyber-attack.
Both the CEO and the CIO were suspended as an indication of how seriously the management was dealing with the issue. However, the leadership erred in failing to inform the customers about the hacking. Ideally, they could have instructed their banks to monitor any unusual movement of funds and terminate transactions in their accounts. Failing to take this effective step contributed to the gravity of the problem. It also explains the intensity of the lawsuits lodged against the company, since most of the clients were disgruntled and dissatisfied with how the whole thing was handled.
The consumers were also angered by the move taken by the company’s customer care department, which ignored the calls and requests for information. Business communication requires the management to identify the correct channels to relay information during a crisis. Most of the time, personal attention is not achieved due to the high number of clients demanding clarifications (Mayle, 2014).
The management could have issued a press statement and confirmed the actions they were taking to prevent the issue from getting further out of hand. Unfortunately, the customers were left to speculate about the moves that the company would take. The management also took a long time to apologize to the customers, and this cost them the trust that had been heaped on the retail store.
The main reasons why the attack on Target occurred
In conclusion, the Target attack occurred due to the failure of the technical team to have effective preventive measures despite the company investing heavily in the security of its systems. By turning off the automated malware deletion system, the team acted ignorantly because, as indicated, the hackers are in a constant effort to override systems and they, therefore, come up with sophisticated viruses (Bodhani, 2013). The attack also occurred due to the lack of a constant monitoring system that could have identified the alerts sent by FireEye. By taking more than 30 days to review the logs, the team exposed the customers to fraud.
Justification of Poor Management as the Primary Cause of the Attack
In my opinion, the attack was due to the failure of the management as opposed to spineless infrastructure. The rationale for this is that in the whole incident, the management and the external investigator did not point to the failure of any applications that the company had invested in. Besides, the company had been certified by the PCI to use credit cards after meeting the standard requirements set by the federal body. As an additional measure, the management had invested $1.6 million in FireEye. It is worth noting that FireEye is credible since it is used by instrumental federal agencies including the CIA and the Pentagon (Bodhani, 2013).
The system had identified the malware attacks at their onset and given an alert. The infrastructure, therefore, could not be blamed for the attack. The management failed to exploit the effectiveness of the security systems. The employees ignored the access by an anonymous person and assumed it was one of the insiders. Although they had a reason to believe so, they exposed the flaws in the lack of secondary authentication and monitoring methods. The investment of the management in training its employees could also have been a possible cause of the attack. Switching off the automated malware detection not only depicts ignorance but also a lack of acquaintance with current hacking trends.
Bodhani, A. (2013). Turn on, log in, checkout. Engineering & Technology, 8(3), 60-63.
Gyenes, R. (2013). Voluntary Cybersecurity Framework Is Unworkable-Government Must Crack the Whip, A. Pitt. J. Tech. L. & Pol'y, 14, 293.
Jul, L. G. (2015). Cybercriminals Target Third Party Vendors.
Mayle, A. (2014). Target Data Breach Crisis Response Evaluation. Analysis.
McMullen, D. A., Sanchez, M. H., & Reilly-Allen, M. O. (2016). Target Security: A Case Study of How Hackers Hit the Jackpot at the Expense of Customers.
Tipton, S., & Choi, Y. (2014). The rise in payment system breaches: the Target case. International Journal of Computer and Information Technology, 3(5), 1060-1064.
Weiss, N. E., & Miller, R. S. (2015, February). The Target and Other Financial Data Breaches: Frequently Asked Questions. Congressional Research Service, Prepared for Members and Committees of Congress, 4 February 2015.