Mobile Tech Today


Corporate Hackers Target Weak Link: the Supply Chain

February 16, 2014 3:30PM

Hackers gained access to Target's computer systems through the stolen credentials of a heating and refrigeration contractor. Even as companies spend millions to bolster the security of their networks, the access that necessary outside vendors are given doesn't get nearly enough attention, several information security professionals say.

The cyber thieves who hit Target Corp. took advantage of a widespread and often overlooked weakness in corporate information security: third-party computer connections that can create a virtual back door to customer information.

Digital links with suppliers, contractors or consultants are essential to run a complex business in the Internet age. Yet, even as companies spend millions to bolster the security of their networks, the access vendors are given doesn't get nearly enough attention, several information security professionals say.

Hackers gained access to Target's computer systems through the stolen credentials of a heating and refrigeration contractor. Once inside, the thieves were able to move around and ultimately stole payment card data or personal information of up to 110 million Target customers.

Given that the typical Fortune 1000 company likely has thousands of active suppliers, hackers have plenty of ways to infiltrate, said Jeff Hall, a security consultant in the Twin Cities for Overland, Kan.-based Fish Net Security.

"I've hacked companies through their elevator contractors," Hall said.

Most companies don't view third-party vendors as a major security threat, said David Kennedy, founder of the security firm TrustedSec in Strongsville, Ohio. Vendor management, as he describes it, is "extremely loose."

Security pros consider the supply chain a critical security risk -- ranking with the classic employee insider attack and the traditional hack, where an outsider ferrets a hole in a company's firewall.

"In the modern world, business-to-business connections are the weakest link," said Brian Isle, founder of the Minneapolis-based cyber security firm Adventium Labs. "The first thing an attacker will do is look at who you do business with."

One Door Opens Many

Once a skilled hacker gains entry into a company's network, they frequently can move around even if there's segmentation such as firewalls with rules that restrict network traffic, said TrustedSec's Kennedy. "The rest of it is basically wide open," he said.

Investigations into Target's hack, one of the largest recorded data breaches in U.S. history, continue. It's not yet clear how cyberthieves stole the network access credentials from Fazio Mechanical Services Inc., a heating and refrigeration company in Sharpsburg, Penn., first identified by investigative security blogger Brian Krebs at KrebsOnSecurity as the point of entry.

It's also unclear how they moved from vendor access to the point of sale systems in Target's stores. That's where malware was discovered that allowed hackers to collect unencrypted card data.

Isle, Kennedy and others encourage clients to run penetration tests, sometimes called Red Teaming, in which expert crews stage hack attacks to sleuth out vendor vulnerabilities and fix them so the bad guys can't get in.


© 2014 Star Tribune (Minneapolis, MN) syndicated under contract with NewsEdge. All rights reserved.
