Description
Target, a large US retailer headquartered in Minneapolis, suffered a massive data breach in 2013 that compromised some 40 million customer debit and credit cards, as well as personal information of an additional 70 million customers (about 20 percent of the US population). Public consternation over this and other data breaches led to accelerated deployment of chip-embedded (EMV) credit cards; renewed appreciation of the need for network segmentation, third-party oversight, and logging analytics; dismissal of key corporate executives; damaged company stock market performance; and a call for better sharing of cyberthreat intelligence.
Task Description
Review the links below and other Internet sources on the Target data breach. Also research ways in which remote access by third parties into an organization's network resources can be contained. Develop an attack tree diagram to describe the possible exploits that could have been used to exploit Target's vulnerabilities and highlight the actual attack path used. Write a brief case study analysis that highlights procedures that should be implemented to reduce the probability of future attack via a third party vendor's vulnerability.
- Michael Kassner (2 February 2015), "Anatomy of the Target Data Breach: Missed Opportunities and Lessons Learned," ZDNet. Retrieved from http://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/.
- Anthony Wing Kosner (17 January 2014), "Researchers Report Exact Timeline Of Massive Target Data Breach," Forbes. Retrieved from http://www.forbes.com/sites/anthonykosner/2014/01/17/researchers-report-exact-timeline-of-massive-target-data-breach/#66c1669d58aa.
- Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack (13 March 2014), "Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It," Bloomberg Business. Retrieved from http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data.
Deliverable
Your paper should be written following APA guidelines, using 12-point font, and including a title, executive summary, and reference page. The content of your paper should be three to four pages in length, excluding the title and reference pages. Submit your Research Paper to the Dropbox titled for this activity by the date specified by your instructor.
Explanation & Answer
Attached.
Running head: TARGET CASE STUDY
1
TARGET CASE STUDY
Name
Institutional affiliation
Instructor
Date of Submission
TARGET CASE STUDY
2
Target’s vulnerability attack tree diagram (Marked in yellow is the actual attack path used)
Attackers infiltrate Target’s
system
From the Target’s
admin end
Use of AD
(Active Directory)
credentials
Access
Servers
Vulnerability
on web app
(e.g. XSS)
Access
servers
Malware Installed
On a third Party
Vendor
Network infiltration
on the Customer
Service end
Malware installed on POS
system (Trojan.POSRAM)
Login Credentials
accessed
Subsequent access to
one of Target’s Portal
credentials (Ariba)
Credit/Debit card
accessed and sent to
the overrun servers
TARGET CASE STUDY
3
Executive summary
Having been in business for a long time, Target, a Minneapolis based Corporation, is one
of the most valued brands in the world. The data breach that occurred in the firm’s security
system in 2013 was a significant object lesson for its future undertakings. Many sources claim a
number of exploits through which the company’s system could have been compromised.
However, the actual exploit occurred through unauthorized access to credentials from Fazio
mechanical, a refrigeration vendor, after which the attackers were able to install malware
software in all POS systems in target stores. They targeted credit card details, which after
gaining were sent to a remote serv...
Review
Review
