Target breach happened because of a basic network segmentation error
Following up on Brian Krebs’s report that attackers were able to get to Target’s payment card system after compromising the login credentials of HVAC contractor Fazio Mechanical Services, Jaikumar Vijayan gets responses and comments from several experts on what appears to be Target’s failure to properly segment its network. You can read his article on Computerworld.
IA Eng - February 7, 2014
Yeah, that was an epic fail on both Target and the HVAC shop. Obviously neither heard of risk assessment. Supposedly the HVAC shop has serviced other large companies as well, so, I wonder if this particular avenue was involved in any other hacks. I would not be surprised if the HVAC company was compromised, the “default” user name and password for all service accounts was stolen, and then the hackers look on the HVAC site and see who they claim to service, and BOOM! They are in. Whatever the scenario, it’s an Epic Fail on both parties.