[ISN] Target Hackers Tapped Vendor Credentials

http://www.informationweek.com/security/attacks-and-breaches/target-hackers-tapped-vendor-credentials/d/d-id/1113641? By Mathew J. Schwartz InformationWeek.com 1/30/2014 Target said Wednesday that the hackers who attacked the company employed access credentials that were hardcoded into a product used by the retailer. “We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials which were used to access our system,” Target spokeswoman Molly Snyder said Thursday via email. Target declined to identify the vendor whose credentials attackers had obtained, though confirmed that the attack vector has been blocked. “As we have previously shared, we confirmed the breach on December 15 and were able to eliminate the malware and close the access,” she said. “Since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues.” Target’s attackers ultimately stole 40 million credit and debit cards collected by the retailer’s point-of-sale (POS) systems, set up a server inside Target’s network to collect that stolen data, then regularly sent it in batches via FTP to a server in Russia. Attackers also stole personal details pertaining to 70 million Target customers. While Target declined to disclose further details from its investigation, security journalist Brian Krebs reported Wednesday that Dell SecureWorks this week released a private report to some of its clients, which suggests that Target’s attackers gained access to Performance Assurance for Microsoft Servers, which is IT infrastructure management software sold by BMC Software. […]