What really happened at Target
Hackers sent the email to Target's heating, ventilation and air conditioning contractor at least two months before thieves began stealing data from cash registers. An employee at Target's heating and air conditioning contractor with access to Target's data opened the email, which then gave the hackers access to Target's network.
Simple as that… Hmmmmm, it didn't come through the firewall. This really is no big surprise to me. At Topgallant, we do external penetration tests, and sometimes we're able to get access to a server behind the firewall, and sometimes we are able to gain access to routers and firewalls by various means. Most of the time, if the client has been doing his or her job, access behind the firewall is impossible.
Where do we see our best results? We see them by attacking the wireless infrastructure, or by doing just what Target's attackers did: sending malicious emails with links to our attack servers.
Client Side Exploits
Why? Because most people believe that attacks are generated from the Internet directly at the firewall and occur as individual, isolated events. In reality, most of the new exploits are Client Side Exploits. A Client Side Exploit attacks a flaw in application-level software, which allows an attacker to gain administrative access to the server, workstation or other device. The applications targeted include Adobe, the Microsoft OS, Flash, Java, Oracle and so on.
For wireless networks it usually comes from poor firewalling between the guest wireless and the organization's wireless LAN. Sometimes it comes from the use of no encryption or weak encryption, or from a "hidden" SSID. (By the way, hidden SSIDs can be seen by a wireless scanner.)
It’s all about Access and Delivery
The issue is access and delivery. The goal of any hacker is to bypass the firewall. The best delivery mechanism for this is a fake email that looks like it comes from some trusted source. An example of this is taking a real email that some company sends out to get you to go to their website for some crazy deal on, let's say, dishwashing detergent. The email says it comes from Big X Trusted Company. The pictures that are downloaded come from their website, but the links you click on are false links that lead not to a coupon or to Big X's website, but to the attacker's website where the malicious code resides. Click on the link and the attacker sends down the exploit, and your system has been compromised.
What does the end user see? The end user sees nothing, or the web page displays something strange or maybe freezes. The end user thinks, "hey, nothing has happened," and moves on. Meanwhile, after all your efforts trying to secure your network, somebody has compromised your systems by avoiding your defenses altogether.
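As an added example (not from the original post), here is a small Python check that a mail gateway or an analyst could run over a suspicious HTML message. It records which hosts the images are loaded from and flags every link whose target lies outside the claimed sender's domain, which is exactly the lure pattern described above: real branding, redirected links. The domains bigx-trusted.example and attacker.example, the sample message and the function names are all constructed for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkAuditor(HTMLParser):
    # Collects image hosts and (href, visible text) pairs from an HTML mail body.
    def __init__(self):
        super().__init__()
        self.img_hosts, self.links, self._href, self._text = set(), [], None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self.img_hosts.add(urlparse(a["src"]).hostname or "")
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    """Crude registrable domain = last two labels (assumption: no public-suffix list)."""
    return ".".join((host or "").lower().split(".")[-2:])

def audit_email(html, sender_domain):
    """Return the http(s) links whose target lies outside the claimed sender's domain."""
    p = LinkAuditor()
    p.feed(html)
    sender = registrable(sender_domain)
    images_from_sender = any(registrable(h) == sender for h in p.img_hosts)
    findings = []
    for href, text in p.links:
        u = urlparse(href)
        if u.scheme not in ("http", "https") or registrable(u.hostname) == sender:
            continue  # mailto/relative links and genuine sender links are fine
        findings.append({
            "href": href, "text": text,
            "images_from_sender": images_from_sender,    # lure borrows the real brand's images
            "text_names_sender": sender in text.lower(),  # visible text says one site, href another
        })
    return findings

# Constructed sample lure: real-looking images, coupon link redirected to the attacker.
SAMPLE = ('<img src="https://images.bigx-trusted.example/logo.png">'
          '<a href="http://deals-bigx.attacker.example/coupon">Get your coupon at www.bigx-trusted.example</a>'
          '<a href="https://www.bigx-trusted.example/unsubscribe">Unsubscribe</a>')
```

Running audit_email(SAMPLE, "bigx-trusted.example") returns one finding, the coupon link, with both flags set; the unsubscribe link and the image host are left alone.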
Here’s your defense.
- Use up-to-date anti-virus programs to stop the attack when it happens
- Stay up to date on all your OS and application-level internal patching
- Train your end users not to use their business computers for personal business
- Utilize Internal Intrusion Detection Systems to identify malicious traffic
- Test your Wireless Networks for access
- Run Vulnerability Scans every quarter
- Conduct Penetration Tests not only externally, but internally and make sure you include Fake Email Delivery as part of the tests.
You can read all about it by clicking here.