Target Breach Originated from Vendor with No Security?


Intrepid security investigator Brian Krebs has reported that sources close to the Target investigation have discovered… “exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer”.

Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials which Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa. Investigators have now discovered that Fazio Mechanical’s primary method of detecting malicious software on its internal systems was the free version of Malwarebytes Anti-Malware, which, of course, does not include any sort of real-time protection.

There is no question that, like Target, Fazio Mechanical was the victim of cybercrime. But investigators close to the case took issue with Fazio’s claim that it was in full compliance with industry practices, and offered another explanation of why it took Fazio so long to detect the email malware infection: the company’s primary method of detecting malicious software on its internal systems was the free version of Malwarebytes Anti-Malware.

I wonder when these companies are going to start taking the security of consumer information seriously? Hopefully, any punitive measures handed down at the end of this investigation will be of a serious enough nature to make other companies sit up and take notice.

 

About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years' experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.