Target handles a lot of data from many different sources (customers, vendors, suppliers, employees, etc.). The concept of Big Data is a concern for such companies. Answer the following questions: What was the weakness behind the Target data breach? Were third parties involved? How did Target run its POS system? How could it be prevented? How much does human error come into play with big enterprise security breaches? What are some challenges in Big Data with regards to security?
There are multiple theories on how the criminals initially hacked into Target, and none of them have yet been confirmed by Target Corporation. However, the primary and most well-supported theory is that the initial breach didn't actually occur inside Target. Instead, it occurred at a third-party vendor, Fazio Mechanical Services, a heating, ventilation, and air-conditioning firm. According to this theory, the incident unfolded as follows. Attackers first penetrated the Target network using compromised credentials from Fazio Mechanical. They then probed the Target network and pinpointed weak points to exploit. Some vulnerabilities were used to gain access to the sensitive data, and others were used to build the bridge for transferring data out of Target. Because of the weak segmentation between non-sensitive and sensitive networks inside Target, the attackers were able to reach the point of sale networks. The timeline of the Target data breach is shown in Fig. 1.
Even if Target had a valid reason for giving Fazio access, the retailer should have segmented its network to ensure that Fazio and other third parties had no access to its payment systems.
Several mature processes and practices currently exist for securing third-party access to enterprise networks, Brazil said. Even the Payment Card Industry Data Security Standard, which companies like Target are required to follow, specifies network segmentation as a way to protect sensitive cardholder data.
In the Target breach, BlackPOS was installed on Target’s point of sale terminals, and the integrity of POS systems was compromised.
Target's point of sale (POS) systems: an iSIGHT Partners report provides details about the malware, code-named Trojan.POSRAM, used to infect Target's POS system. The "RAM-scraping" component of the POS malware grabs credit/debit card information from the memory of POS devices as cards are swiped. "Every seven hours the Trojan checks to see if the local time is between the hours of 10 AM and 5 PM," the iSIGHT Partners report states. "If so, the Trojan attempts to send winxml.dll over a temporary NetBIOS share to an internal host (dump server) inside the compromised network over TCP port 139, 443 or 80."
Target uses its own in-house point of sale (POS) system, developed by its IT department, Target Technology Services. Each store has its own servers, capable of running about 30 registers, and these are supported by a third-party IT services provider whose technicians are trained in Target store procedures. Target stores do not employ full-time IT staff.
Over the last few years Target has significantly upgraded its IT infrastructure. Each store now operates with two servers which run the company's custom POS system. Having two servers per store means Target can run up to 30 cash registers as well as inventory, stock control and pharmacy databases.
This technique allowed attackers to steal data from POS terminals that lacked internet access.
Once the credit/debit card information was secure on the dump server, the POS malware sent a special ICMP (ping) packet to a remote server. The packet indicated that data resided on the dump server. The attackers then moved the stolen data to off-site FTP servers and sold their booty on the digital black market.
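The two behaviours just described, the register-to-dump-server push over a NetBIOS share and the ICMP "data is ready" signal, are both visible in ordinary flow logs. The Go program below is an added example, not code from the iSIGHT report or from the original answer: it applies those two behaviours as detection rules over constructed flow records. The register subnet, the internal range, the store-server address, the record format and the sample lines are all assumptions made for this example. The 10:00-17:00 window is reported alongside each alert rather than used as a filter, because the time check was the malware's choice and a variant may drop it.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
	"time"
)

// FlowRecord is one connection summary; the text layout parsed below is constructed.
type FlowRecord struct {
	When  time.Time
	Src   net.IP
	Dst   net.IP
	Proto string // "tcp", "udp" or "icmp"
	Port  int    // destination port, 0 for icmp
}

// Alert names the rule that fired, the source host, and whether the flow fell in 10:00-17:00.
type Alert struct {
	Rule     string
	Src      string
	InWindow bool
}

// parseFlow reads "RFC3339-time src dst proto dport".
func parseFlow(line string) (FlowRecord, error) {
	f := strings.Fields(line)
	if len(f) != 5 {
		return FlowRecord{}, fmt.Errorf("want 5 fields, got %d: %q", len(f), line)
	}
	when, err := time.Parse(time.RFC3339, f[0])
	src, dst := net.ParseIP(f[1]), net.ParseIP(f[2])
	port, perr := strconv.Atoi(f[4])
	if err != nil || src == nil || dst == nil || perr != nil {
		return FlowRecord{}, fmt.Errorf("malformed record %q", line)
	}
	return FlowRecord{when, src, dst, strings.ToLower(f[3]), port}, nil
}

// Detector carries the environment facts the rules need (addresses are constructed).
type Detector struct {
	POSNet       *net.IPNet      // subnet holding the registers
	InternalNet  *net.IPNet      // everything that counts as "inside"
	StoreServers map[string]bool // hosts the registers legitimately talk to
}

func DefaultDetector() Detector {
	_, pos, _ := net.ParseCIDR("10.10.5.0/24")
	_, internal, _ := net.ParseCIDR("10.10.0.0/16")
	return Detector{pos, internal, map[string]bool{"10.10.1.10": true}}
}

// Evaluate applies two rules taken from the reported behaviour: a register pushing
// data over TCP 139, 443 or 80 to an internal host that is not one of its store
// servers (the temporary NetBIOS share), and an internal host pinging an outside address.
func (d Detector) Evaluate(r FlowRecord) (Alert, bool) {
	inWin := r.When.Hour() >= 10 && r.When.Hour() < 17 // the Trojan compared store-local time
	sharePort := r.Port == 139 || r.Port == 443 || r.Port == 80
	switch {
	case r.Proto == "tcp" && sharePort && d.POSNet.Contains(r.Src) &&
		d.InternalNet.Contains(r.Dst) && !d.StoreServers[r.Dst.String()]:
		return Alert{"pos-internal-share-transfer", r.Src.String(), inWin}, true
	case r.Proto == "icmp" && d.InternalNet.Contains(r.Src) && !d.InternalNet.Contains(r.Dst):
		return Alert{"internal-icmp-to-external", r.Src.String(), inWin}, true
	}
	return Alert{}, false
}

// Scan runs Evaluate over each line; malformed lines are counted, not hidden.
func (d Detector) Scan(lines []string) (alerts []Alert, skipped int) {
	for _, l := range lines {
		r, err := parseFlow(l)
		if err != nil {
			skipped++
			continue
		}
		if a, ok := d.Evaluate(r); ok {
			alerts = append(alerts, a)
		}
	}
	return alerts, skipped
}

// SampleFlows are constructed: two register pushes, one legitimate flow, two pings, one junk line.
var SampleFlows = []string{
	"2013-12-02T11:15:00Z 10.10.5.21 10.10.7.9 tcp 139",
	"2013-12-02T03:40:00Z 10.10.5.22 10.10.7.9 tcp 443",
	"2013-12-02T11:20:00Z 10.10.5.21 10.10.1.10 tcp 443",
	"2013-12-02T11:30:00Z 10.10.7.9 203.0.113.40 icmp 0",
	"2013-12-02T11:31:00Z 10.10.7.9 10.10.1.1 icmp 0",
	"garbage line",
}

func main() {
	alerts, skipped := DefaultDetector().Scan(SampleFlows)
	fmt.Printf("%d alerts, %d malformed lines skipped: %+v\n", len(alerts), skipped, alerts)
}
```

On the sample records the program raises three alerts: the two register pushes to the dump host (one inside the 10:00-17:00 window, one outside) and the ping from that host to an outside address; the register's HTTPS session to its own store server and the internal ping stay quiet. Hour() is evaluated in the record's own zone, so real records should be converted to the store's local time before the window flag means anything. The allowlist of store servers is the part that needs per-store maintenance; without it, every register-to-server flow on 443 would fire.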
This key step of the data breach can be prevented by enforcing the integrity of point of sale terminals. Therefore, we propose a practical scheme using digital signatures and certificates to ensure the integrity of the operating system on point of sale terminals.
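One concrete shape such a scheme can take, added here as an illustration rather than as the original answer's own design: a manifest of file digests for the terminal's software image, signed at release time, which the terminal verifies before it trusts the image it is running. The Go program below is constructed for this page; the file names, contents and Ed25519 key are placeholders, and the public key is pinned directly where a deployment would deliver it in a certificate chain. The signature is what stops an intruder who can already write files from editing the manifest to bless a dropped winxml.dll, and the demo checks exactly that case alongside a modified file and an untouched image.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest lists every file expected on a terminal with its SHA-256 digest.
// encoding/json writes map keys sorted, so Marshal yields a stable byte string to sign.
type Manifest struct {
	Version int               `json:"version"`
	Files   map[string]string `json:"files"` // path -> hex sha256
}

// Report is the drift Verify found on a live terminal.
type Report struct{ Modified, Missing, Unexpected []string }

func (r Report) Clean() bool { return len(r.Modified)+len(r.Missing)+len(r.Unexpected) == 0 }

func digest(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// BuildManifest hashes the golden image (path -> content) at release time.
func BuildManifest(version int, image map[string][]byte) Manifest {
	m := Manifest{Version: version, Files: map[string]string{}}
	for p, c := range image {
		m.Files[p] = digest(c)
	}
	return m
}

// Sign produces the detached signature shipped beside the manifest; the
// private key stays with the release process, never on a register.
func Sign(priv ed25519.PrivateKey, m Manifest) []byte {
	b, _ := json.Marshal(m) // cannot fail for this struct
	return ed25519.Sign(priv, b)
}

// Verify checks the signature against the public key pinned on the terminal
// (a deployment would take it from a certificate), then diffs the live file set
// against the manifest: a dropped winxml.dll is Unexpected, an edited file is
// Modified, a deleted one is Missing. A bad signature means the manifest itself
// cannot be trusted, so no diff is attempted at all.
func Verify(pub ed25519.PublicKey, m Manifest, sig []byte, live map[string][]byte) (Report, error) {
	b, _ := json.Marshal(m)
	if !ed25519.Verify(pub, b, sig) {
		return Report{}, errors.New("manifest signature invalid")
	}
	var r Report
	for p, want := range m.Files {
		if c, ok := live[p]; !ok {
			r.Missing = append(r.Missing, p)
		} else if digest(c) != want {
			r.Modified = append(r.Modified, p)
		}
	}
	for p := range live {
		if _, ok := m.Files[p]; !ok {
			r.Unexpected = append(r.Unexpected, p)
		}
	}
	return r, nil
}

// DemoResult: the untouched image passing, the drift on an infected terminal,
// and a manifest edited to bless winxml.dll failing the signature check.
type DemoResult struct {
	CleanOK, ForgedRejected bool
	Tampered                Report
}

// Demo runs the scheme on a constructed image (placeholder names and contents).
func Demo() DemoResult {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no entropy: nothing sensible to continue with
	}
	image := map[string][]byte{"pos/pos.exe": []byte("release build 7"), "pos/config.ini": []byte("store=1234")}
	m := BuildManifest(7, image)
	sig := Sign(priv, m)
	clean, cerr := Verify(pub, m, sig, image)
	live := map[string][]byte{
		"pos/pos.exe":       image["pos/pos.exe"],
		"pos/config.ini":    []byte("store=1234;debug=1"), // edited in place
		"system/winxml.dll": []byte("unknown binary"),     // dropped by an intruder
	}
	tampered, _ := Verify(pub, m, sig, live)
	forged := Manifest{Version: m.Version, Files: map[string]string{"system/winxml.dll": digest(live["system/winxml.dll"])}}
	for p, d := range m.Files {
		forged.Files[p] = d
	}
	_, ferr := Verify(pub, forged, sig, live)
	return DemoResult{cerr == nil && clean.Clean(), ferr != nil, tampered}
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

Two points decide whether this holds up in practice. The verification code and the pinned public key must themselves sit in a part of the image the attacker cannot rewrite (firmware or a measured boot chain), otherwise the check can be patched out along with the manifest. And the manifest has to cover everything executable on the terminal, not just the POS application, because the malware in this incident was dropped as an extra file rather than a change to an existing one.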
Fig. 1 (timeline of the Target breach):
1. Attackers compromised Fazio Mechanical Services.
2. Attackers broke into Target's network and tested malware on POS machines.
3. Attackers began to collect credit card data.
4. POS malware fully installed.
5. Attackers installed data exfiltration malware.
6. Symantec and FireEye alerts triggered.
7. Attackers began to move credit card data out.
8. Additional FireEye alerts triggered.
9. Department of Justice notified Target.
10. Target removed most malware.
Preventing the breach at several points.
Because of Target's poor network segmentation, all the attackers needed in order to gain access to Target's entire system was access to its business section. From there, they reached other parts of the Target network, including the parts that contained sensitive data. Once inside Target's network, they began testing the installation of malware on the point of sale devices. The attackers used a form of point of sale malware called BlackPOS. The attack steps of the Target breach are shown in Fig. 2.
Human error can impact the success of even the strongest security strategies. As the above attacks illustrate, this can happen in numerous ways. Here are just a few:
SSH keys grant privileged access to many internal systems. Often, these keys do not have expiration dates. And they are difficult to monitor. So, if SSH keys are revealed or compromised, attackers can use them to pivot freely within the network.
Many phishing attacks leverage wildcard or rogue certificates to create fake sites that appear to be authentic. Such increased sophistication is often required to target higher level executives.
Using public key encryption and authentication in the two-step verification makes it harder to gain malicious access. Easy access to SSH keys stored on computers or servers makes it easier for attackers to pivot laterally within the organization.
An organization’s encryption is only as good as that of its entire vendor community. If organizations don’t control the keys and certificates that authenticate partner interactions, then they lose control of the encrypted tunnels that carry confidential information between companies.
If organizations are not monitoring the use of all the keys and certificates that are used in encryption, then attackers can use rogue or stolen keys to create illegitimate encrypted tunnels. Organizations will not be able to detect these malicious tunnels because they appear to be the same as other legitimate tunnels into and out of the organization.
There is no silver bullet in cyberspace against data breaches. With the increasing number of data leak incidents in recent years, it is important to analyze the weak points in our systems, techniques and legislation and to seek solutions to the issue. We presented a comprehensive analysis of the Target data breach and related incidents, such as the TJX breach. We described several security guidelines to enhance security in merchants' systems. We presented the state-of-the-art credit card security techniques, and gave customers best practices to hide card information during purchase transactions.
Problems with security pose serious threats to any system, which is why it’s crucial to know your gaps. Here, our big data consulting experts cover the most vicious security challenges that big data has in stock:
Now that we’ve outlined the basic problem areas of big data security, let’s look at each of them a bit closer.