Overview:
http://www.businessinsider.com/target-credit-card-hackers-2013-12
Number of cards updated to 70 million
http://mobile.eweek.com/security/target-data-breach-affected-70m-much-more-than-earlier-estimates.html
Timeline:
http://www.ibtimes.com/timeline-targets-data-breach-aftermath-how-cybertheft-snowballed-giant-retailer-1580056
Missed alerts:
http://www.npr.org/2014/03/13/289836952/report-target-missed-its-chance-to-prevent-data-breach
Human considerations:
http://www.eweek.com/security/preventing-targets-troubles-locking-the-door-against-data-breaches.html
Federal lawsuit
http://www.nationaljournal.com/tech/senate-report-target-could-have-prevented-massive-hack-20140325
Removal of corporate officers:
http://www.insidecounsel.com/2014/05/30/inadequate-data-breach-preparation-response-should
CISO should report to CEO
http://www.computerworld.com/s/article/9249129/Target_top_security_officer_reporting_to_CIO_seen_as_a_mistake
Target CEO Resignation Due To Security Issues
http://www.csoonline.com/article/2151381/cyber-attacks-espionage/target-ceo-resignation-highlights-cost-of-security-blunders.html
Cards Sold on Black Market
http://www.tripwire.com/state-of-security/vulnerability-management/how-stolen-target-credit-cards-are-used-on-the-black-market/
Started with an Email attack against HVAC vendor
http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
Ward Off POS Attacks
http://www.retailgazette.co.uk/articles/32114-how-to-ward-off-pos-cyber-security-attacksd
Chip Cards to Prevent Credit Card Information Loss
http://www.northjersey.com/news/business/a-chip-on-the-old-card-1.1039445
Talent in Hacking, Not Security
http://wallstcheatsheet.com/technology/cyber-crime-why-is-all-the-talent-in-hacking-and-not-in-security.html/?a=viewall
EMV (Chip and Pin) credit cards alone cannot protect data
http://www.finextra.com/blogs/fullblog.aspx?blogid=9491
Car Washes had PC Anywhere installed on computers. End of life by Symantec, not used in years.
http://nakedsecurity.sophos.com/2014/06/25/carwash-pos-systems-hacked-credit-card-data-drained/
Tips for Protecting Point of Sale (POS) systems
http://www.lexology.com/library/detail.aspx?g=edac3d96-7d0a-4d70-87b1-966ba3fcc5c7
Small business & mobile POS
http://www.smallbusinesscomputing.com/biztools/small-business-mobile-point-of-sale-systems-the-pros-cons.html
Protecting POS systems
http://www.darkreading.com/attacks-breaches/tech-insight-defending-point-of-sale-systems/d/d-id/1141214?
Separate VLANs
http://www.darkreading.com/attacks-breaches/back-to-basics/d/d-id/1269436
VLANs vs Subnets
http://websitenotebook.blogspot.com/2014/06/vlans-vs-subnets.html?m=1
PCI is not enough, POS Malware kits, warnings and auditing software ignored or shut off
http://www.computing.co.uk/ctg/feature/2348267/too-open-for-business
FBI warns of more retail attacks
http://www.reuters.com/article/2014/01/23/us-target-databreach-fbi-idUSBREA0M1UF20140123
Hackers that wrote the malware
http://www.startribune.com/business/243125731.html#ZMDJ1wAuHohOSl87.97
Memory scraping malware
http://www.csoonline.com/article/2359441/data-protection/criminals-seeking-more-buyers-with-all-in-one-malware.html
http://www.darkreading.com/attacks-and-breaches/target-breach-8-facts-on-memory-scraping-malware/d/d-id/1113440
http://nakedsecurity.sophos.com/2013/07/16/a-look-at-point-of-sale-ram-scraper-malware-and-how-it-works/
http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/
http://threatpost.com/ram-scraper-malware-a-threat-to-point-of-sale-systems
http://volatility-labs.blogspot.com/2014/01/comparing-dexter-and-blackpos-target.html
ICMP
http://www.commerce.senate.gov/public/?a=Files.Serve&File_id=24d3c229-4f2f-405d-b8db-a3a67f183883
People
PCI Compliance
Target.com
NEW CISO
Joined Financial Information Sharing Center
https://www.fsisac.com/
What has done to prevent
Waiting for a major problem before taking action:
Chip and Pin Solution
Articles about the Target breach and related:
Attacks on key employees
POS security:
Net diagram - hunch