The hackers who hit Target and gained access to its systems, stealing financial and personal data from the company's 110 million consumer-customers managed to do it by tricking an employee of an outside supplier. One click on a malicious message was enough to bring disaster, according to a report published Wednesday by the blogger security researcher Brian Krebs.
An employee of Fazio Mechanical, an air conditioning company in Sharpsburg, was the victim of a spear phishing attack in which hackers sent malware with a message that appeared to come from a trusted source. A click on the link in the email was the cause of the crash, according to Krebs, who also cited evidence.
Once the hackers gained access to the employee's computer, they were also able to break into Target's system. Fazio reported last week that it may have been through them that the hackers gained access to the network of Target, but details of how the attack was carried out were not released.
The revelation highlights a central problem facing all Companies που προσπαθούν να εξασφαλίσουν τα δίκτυά τους. Παρά το γεγονός ότι οι επιχειρήσεις επενδύουν εκατομμύρια δολάρια κάθε χρόνο για την καταπολέμηση των hackers, εξακολουθούν να είναι ευάλωτες λόγω των χαλαρών μέτρων security of third parties who have access to their systems.
Target spokeswoman Molly Snyder said: "An intruder stole a vendor's credentials and used them to gain access to our system." The spokeswoman declined to name the partner company or reveal how the credentials were stolen, citing an ongoing investigation.
Krebs said Fazio didn't immediately realize the phishing attack because he was using a free one anti-malware program that “does not offer real-time protection against threats.”
