Stolen Vendor Credentials Responsible for Target Breach
- By Ginger Hill
- Jan 30, 2014
If I’ve said it once, I’ll say it a thousand times again. Today’s hackers are a highly intelligent, sophisticated bunch of people. Advanced hackers often take advantage of low-level employees or outside vendors, moving laterally through networks to gain access to valuable data.
"Technology vendors aren't your typical remote users,” said Jeff Swearingen, co-founder and CEO of SecureLink. “One vendor may have thousands of technicians that require access on a revolving basis. Login credentials issued to Todd on Tuesday may be used by Wendy on Wednesday and so on – with access to a company's most sensitive data.”
With thousands of technicians, it’s quite possible that suave hackers can persuade at least one of them to hand over their login credentials.
Most of us are familiar with the whole Target hack debacle, and according to media sources, Target’s investigation to determine the responsible party has led them to a stolen vendor’s credentials as a source of access.
Target hasn't revealed how the credentials were stolen or which outlet was used, but this particular portal does have limited access to Target’s computer systems during the remainder of the investigation. Target did say that the hacker’s used a system that was not related to payment areas, but it’s still unknown how exactly the hackers moved from an unrelated platform to Target’s point-of-sale devices.
"Hackers are intelligent and sophisticated, so it's not unreasonable to think that even a well-run organization could be a victim," noted Swearingen.
What can organizations do to help prevent this type of victimization?
“Successful management of vendor remote access starts with a policy recognizing the difference between your internal users and your vendors,” explained Swearingen. “It eliminates shared logins, restricts access to required privileges only, protects admin credentials and audits all activity in real-time at the individual user level.”
I wonder if Target is considering implementing such a strategy for future management of vendor remote access.
Ginger Hill is Group Social Media Manager.