Target Hackers Broke in Via HVAC Company

Last week, Target told reporters at The Wall Street Journal and
Reuters that the initial intrusion into its systems was traced back to
network credentials that were stolen from a third party vendor.
Sources now tell KrebsOnSecurity that the vendor in question was a
refrigeration, heating and air conditioning subcontractor that has
worked at a number of locations at Target and other top retailers.

Sources close to the investigation said the attackers first broke into
the retailer’s network on Nov. 15, 2013 using network credentials
stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based
provider of refrigeration and HVAC systems.

It’s not immediately clear why Target would have given an HVAC company
external network access, or why that access would not be cordoned off
from Target’s payment system network. But according to a cybersecurity
expert at a large retailer who asked not to be named because he did
not have permission to speak on the record, it is common for large
retail operations to have a team that routinely monitors energy
consumption and temperatures in stores to save on costs (particularly
at night) and to alert store managers if temperatures in the stores
fluctuate outside of an acceptable range that could prevent customers
from shopping at the store.

“To support this solution, vendors need to be able to remote into the
system in order to do maintenance (updates, patches, etc.) or to
troubleshoot glitches and connectivity issues with the software,” the
source said. “This feeds into the topic of cost savings, with so many
solutions in a given organization. And to save on head count, it is
sometimes beneficial to allow a vendor to support versus train or hire
extra people.”

Full story at
http://krebsonsecurity.com/2014/02/t...-hvac-company/

On 02/06/2014 06:58 AM, Moe DeLoughan wrote:
Target Hackers Broke in Via HVAC Company
X
“To support this solution, vendors need to be able to remote into the
system in order to do maintenance (updates, patches, etc.) or to
troubleshoot glitches and connectivity issues with the software,” the
source said. “This feeds into the topic of cost savings, with so many
solutions in a given organization. And to save on head count, it is
sometimes beneficial to allow a vendor to support versus train or hire
extra people.”

Full story at
http://krebsonsecurity.com/2014/02/t...-hvac-company/




Speaking of security, here is one for you


https://www.youtube.com/watch?v=TCKr...&app=deskt op

Moe DeLoughan posted for all of us...

And I know how to SNIP


Target Hackers Broke in Via HVAC Company

Last week, Target told reporters at The Wall Street Journal and
Reuters that the initial intrusion into its systems was traced back to
network credentials that were stolen from a third party vendor.
Sources now tell KrebsOnSecurity that the vendor in question was a
refrigeration, heating and air conditioning subcontractor that has
worked at a number of locations at Target and other top retailers.

Sources close to the investigation said the attackers first broke into
the retailer?s network on Nov. 15, 2013 using network credentials
stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based
provider of refrigeration and HVAC systems.

It?s not immediately clear why Target would have given an HVAC company
external network access, or why that access would not be cordoned off
from Target?s payment system network. But according to a cybersecurity
expert at a large retailer who asked not to be named because he did
not have permission to speak on the record, it is common for large
retail operations to have a team that routinely monitors energy
consumption and temperatures in stores to save on costs (particularly
at night) and to alert store managers if temperatures in the stores
fluctuate outside of an acceptable range that could prevent customers
from shopping at the store.

?To support this solution, vendors need to be able to remote into the
system in order to do maintenance (updates, patches, etc.) or to
troubleshoot glitches and connectivity issues with the software,? the
source said. ?This feeds into the topic of cost savings, with so many
solutions in a given organization. And to save on head count, it is
sometimes beneficial to allow a vendor to support versus train or hire
extra people.?

Full story at
http://krebsonsecurity.com/2014/02/t...-hvac-company/

This reminds me of SCADA (sp) hacking that supposedly happened 4-5 years ago; which proved false.
The HVAC co probably had access but Target should have firewalled them from the other segments.

--
Tekkie

On Thu, 06 Feb 2014 06:58:25 -0600, Moe DeLoughan
wrote:

Last week, Target told reporters at The Wall Street Journal and
Reuters that the initial intrusion into its systems was traced back to
network credentials that were stolen from a third party vendor.

{Home use} Download, install, and update definitions of Belarc
Advisor (free). I recently fixed a laptop for a friend of the wife.
It had a fake "credential" installed.

To fix the bad credential, it requires a valid MSFT product. BA will
provide the link and information in the BA report. Once the product is
validated MSFT allows a valid ( fix ) credential to be installed.

http://belarc.com/

The bad credential was causing her firewall to shutdown. Best I could
tell. But it is fixed now.