More information regarding the now notorious Target data breach shows the initial attack on the system originated from Phishing emails opened by an employee of an outside vendor.
According to Krebsonsecurity.com, the employee of Sharpsburg Pa. based heating, ventilation, and air-conditioning company Fazio Mechanical which has access to Targets data system, fell victim to a "spear phishing” attack. Spear phishing attacks generate emails which seem to originate from trusted sources.
Last week, the investigation surrounding the attack showed possible origins pointing to Fazio Mechanical, but only recently has the reason of malicious emails come to the surface. According to Tom Kellermann, the managing director of cyber protection at Alvarez & Marsal, hackers of this nature tend to attack outside third party vendors to gain access to large corporations’ data systems.
“There’s a lack of due diligence with third-party vendors in securing their systems, and they’re being hunted by Eastern European crime syndicates to go after major multinational companies,” Kellermann said.
According to a Target spokeswoman an “intruder stole a vendor’s credentials which were used to access our system", she did not however mention the name of the vendor or elaborate on which credentials were stolen. Fazio Mechanical refused to comment on the new findings, but did release a statement mentioning “like Target, we are a victim of a sophisticated cyber-attack operation."
Krebs report further mentioned the vendor did not notice the phishing attack at first. Fazio Mechanical was using a free anti-malware program which “does not offer real-time protection against threats”.
The Target data breach began on November 29th 2013 (Black Friday) and lasted approximately 3 weeks until it was uncovered by Krebsonsecurity. A 17 year old Russian teenager was found as the source of the malware that attacked Targets system.