The hackers who hit her Target, και απέκτησαν πρόσβαση στα συστήματα της, υποκλέπτοντας οικονομικά και προσωπικά δεδομένα από 110 εκατομμύρια καταναλωτές-πελάτες της εταιρείας κατάφεραν να το κάνουν, εξαπατώντας έναν υπάλληλο ενός εξωτερικού προμηθευτή. Ένα κλικ σε ένα κακόβουλο message έφτανε για να φέρει την καταστροφή, σύμφωνα με μια έκθεση που δημοσιεύτηκε την Τετάρτη από τον blogger ερευνητή better safetyBrian Krebs.
An employee of Fazio Mechanical, an air conditioning company in Sharpsburg, was the victim of a spear phishing attack in which hackers sent malware with a message that appeared to come from a trusted source. A click on the link in the email was the cause of the crash, according to Krebs, who also cited evidence.
As soon as the hackers gained access to the worker's computer, they were able to enter the Target system. Fazio reported last week that it was perhaps the passage from which the hackers gained access to Target's network, but details of how the attack had taken place had not been announced.
The disclosure highlights a central problem facing all companies trying to secure their networks. Despite the fact that businessestwobillions of dollars each year to fight hackers, they are still vulnerable due to the lax security measures of third parties who have access to their systems.
MsfaceTarget's Molly Snyder said that "an intruder stole a vendor's credentials and used them to access our system." The spokeswoman declined to name the partner company or disclose how the credentials were stolen, citing an ongoing investigation.
Krebs said Fazio was not immediately aware of the phishing attack because it was using a free anti-malware program that "does not offer real-time protection against threats."