According to this Bloomberg Business article, a malware detection tool made by the computer security firm FireEye was in place and sent an alarm, but the warning went unheeded.

However, Poulin opines that IPS/IDS systems, if in place, would have sensed the inappropriate attack traffic, notifying Target staff of the unusual behavior. Not knowing the details makes it difficult to offer a remediation for this portion of the attack.

Poulin suggests several attack scenarios: "It's possible that attackers abused a vulnerability in the web application, such as SQL injection, XSS, or possibly a 0-day, to gain a point of presence, escalate privileges, then attack internal systems."

Brian Krebs interviewed a former member of Target's security team regarding the Ariba portal. "Most, if not all, internal applications at Target used Active Directory (AD) credentials and I'm sure the Ariba system was no exception," the administrator told Krebs. "I wouldn't say the vendor had AD credentials, but internal administrators would use their AD logins to access the system from inside. This would mean the server had access to the rest of the corporate network in some form or another."