The hackers who hit Target gained access to its systems, stealing financial and personal data from 110 million of its consumer-customers companyς κατάφεραν να το κάνουν, εξαπατώντας έναν υπάλληλο ενός εξωτερικού προμηθευτή. Ένα κλικ σε ένα κακόβουλο message έφτανε για να φέρει την καταστροφή, σύμφωνα με μια report published Wednesday by security researcher blogger Brian Krebs.
An employee of Fazio Mechanical, an air conditioning company in Sharpsburg, was the victim of a spear phishing attack in which hackers sent malware with a message that appeared to come from a trusted source. A click on the link in the email was the cause of the crash, according to Krebs, who also cited evidence.
Once the hackers gained access to the employee's computer, they were also able to break into Target's system. Fazio reported last weekteam ότι ίσως ήταν από αυτούς η δίοδος από την οποία οι hackers απέκτησαν πρόσβαση στο network of Target, but details of how the attack was carried out were not released.
Disclosure highlights a central problem facing all companies trying to secure their networks. Although businesses invest millions of dollars each year to fight hackers, they are still vulnerable due to the loose third-party security measures that access their systems.
Target spokeswoman Molly Snyder said: "An intruder stole a vendor's credentials and used them to gain access to our system." The spokeswoman declined to name the partner company or reveal how the credentials were stolen, citing an ongoing investigation.
Krebs said Fazio was not immediately aware of the phishing attack because it was using a free anti-malware program that "does not offer real-time protection against threats."