What are some challenges in big data with regards

Reference no: EM131939637

After reading the article below give your opinion on the following:

How much does human error come into play with big enterprise security breaches?

What are some challenges in Big Data with regards to security?

Anatomy of the Target data breach: Missed opportunities and lessons learned

Target hasn't publicly released all the details of its 2013 data breach, but enough information exists to piece together what likely happened and understand how the company could have prevented the hack.

By Michael Kassner 

Target's infamous data breach happened just over a year ago. Are we any the wiser? Have lessons been learned? Although not every detail has been made public, experts have developed an unofficial attack timeline that exposes critical junctures in the attack and highlights several points at which it could have been stopped.

The attack started on November 27, 2013. Target personnel discovered the breach and notified the U.S. Justice Department by December 13th. As of December 15th, Target had a third-party forensic team in place and the attack mitigated. On December 18th, security blogger Brian Krebs broke the story in this post. "Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records," mentioned Krebs. "The sources said the breach appears to have begun on or around Black Friday 2013 -- by far the busiest shopping day of the year."

Then things became interesting. Target informed about 110 million credit/debit-card wielding shoppers, who made purchases at one of the company's stores during the attack, that their personal and financial information had been compromised. To put that in perspective, the attackers pilfered 11 gigabytes of data.

Anatomy of the attack

Now let's look at the sequence of events that precipitated the data breach. Had any of these steps been noticed and countered, the attack would likely have fallen apart.


1. Preliminary survey

We don't know for certain if or how the attackers performed reconnaissance on Target's network prior to the attack, but it wouldn't have required much more than a simple internet search.

Teri Radichel in this GIAC (GSEC) dissertation explains how the attackers may have gleaned information about Target's infrastructure. "Reconnaissance would have revealed a detailed case study on the Microsoft website describing how Target uses Microsoft virtualization software, centralized name resolution, and Microsoft System Center Configuration Manager to deploy security patches and system updates," writes Radichel. "The case study also describes Target's technical infrastructure, including POS system information."


The internet provides additional clues. "A simple Google search turns up Target's Supplier Portal, which includes a wealth of information for new and existing vendors and suppliers about how to interact with the company, submit invoices, etc.," adds Krebs in this blog post. After drilling down, Krebs found a page listing HVAC and refrigeration companies.

2. Compromise third-party vendor

The attackers backed their way into Target's corporate network by compromising a third-party vendor. The number of vendors targeted is unknown. However, it only took one. That happened to be Fazio Mechanical, a refrigeration contractor.

A phishing email duped at least one Fazio employee, allowing Citadel, a variant of the Zeus banking trojan, to be installed on Fazio computers. With Citadel in place, the attackers waited until the malware offered what they were looking for -- Fazio Mechanical's login credentials.

At the time of the breach, all major versions of enterprise anti-malware detected the Citadel malware. Unsubstantiated sources mentioned that Fazio used the free version of Malwarebytes anti-malware, which is an on-demand scanner and therefore offered no real-time protection. (Note: Malwarebytes anti-malware is highly regarded by experts when used in the correct manner.)

Chris Poulin, a research strategist for IBM, in this paper offers some suggestions. Target should demand that vendors accessing their systems use appropriate anti-malware software. Poulin adds, "Or at least mandate two-factor authentication to contractors who have internal access to sensitive information."

3. Leveraging Target's vendor-portal access

Most likely Citadel also gleaned login credentials for the portals used by Fazio Mechanical. With that in hand, the attackers got to work figuring out which portal to subvert and use as a staging point into Target's internal network. Target hasn't officially said which system was the entry point, but the Ariba portal was a prime candidate.

Brian Krebs interviewed a former member of Target's security team regarding the Ariba portal, "Most, if not all, internal applications at Target used Active Directory (AD) credentials and I'm sure the Ariba system was no exception," the administrator told Krebs. "I wouldn't say the vendor had AD credentials, but internal administrators would use their AD logins to access the system from inside. This would mean the server had access to the rest of the corporate network in some form or another."

Poulin suggests several attack scenarios, "It's possible that attackers abused a vulnerability in the web application, such as SQL injection, XSS, or possibly a 0-day, to gain a point of presence, escalate privileges, then attack internal systems."

Not knowing the details makes it difficult to offer a remediation for this portion of the attack. However, Poulin opines that IPS/IDS systems, if in place, would have sensed the inappropriate attack traffic, notifying Target staff of the unusual behavior. According to this Bloomberg Business article, a malware detection tool made by the computer security firm FireEye was in place and sent an alarm, but the warning went unheeded.

4. Gain control of Target servers

Again, Target hasn't said publicly how the attackers undermined several of their internal Windows servers, but there are several possibilities.

Radichel in the SANS dissertation offers one theory. "We can speculate the criminals used the attack cycle described in Mandiant's APT1 report to find vulnerabilities," mentions Radichel. "Then move laterally through the network... using other vulnerable systems."

Gary Warner, founder of Malcovery Security, feels the servers fell to SQL-injection attacks. He bases that on the many similarities between the Target breach and those perpetrated by the Drinkman and Gonzalez data-breach gang, which also used SQL injection.

5. Next stop, Target's point of sale (POS) systems

This iSIGHT Partners report provides details about the malware, code-named Trojan.POSRAM, used to infect Target's POS system. The "RAM-scraping" portion of the POS malware grabs credit/debit card information from the memory of POS devices as cards are swiped. "Every seven hours the Trojan checks to see if the local time is between the hours of 10 AM and 5 PM," mentions the iSIGHT Partners report. "If so, the Trojan attempts to send winxml.dll over a temporary NetBIOS share to an internal host (dump server) inside the compromised network over TCP port 139, 443 or 80."

This technique allowed attackers to steal data from POS terminals that lacked internet access.

Once the credit/debit card information was secure on the dump server, the POS malware sent a special ICMP (ping) packet to a remote server. The packet indicated that data resided on the dump server. The attackers then moved the stolen data to off-site FTP servers and sold their booty on the digital black market.
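The two internal hops described above (POS terminal to dump server over a NetBIOS share or web port, then an ICMP beacon from the dump server to the outside) are both visible in ordinary connection logs, and each breaks a rule a retail network can state in advance: a POS terminal should only talk to the payment switch and its management server, and a server that has just received traffic from POS terminals has no business pinging the internet. The following detector is an added example, not code from the article or from any of the firms it quotes; the network layout, the approved-host list and the log lines are all constructed for illustration and are not Target's real addressing. It runs two passes: the first flags POS-segment connections to unapproved hosts, the second flags ICMP egress only from hosts that the first pass identified as likely dump servers, so a routine ping from an unrelated workstation does not fire.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed network layout (constructed for this example; not Target's real addressing)
POS_SEGMENT = ipaddress.ip_network("10.20.0.0/16")   # POS terminals live here
INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # everything corporate
# The only hosts a POS terminal is expected to reach: payment switch and POS management server
POS_APPROVED = {ipaddress.ip_address("10.10.0.5"), ipaddress.ip_address("10.10.0.6")}
FILE_SHARE_PORTS = {139, 445}   # NetBIOS / SMB, the share the report describes
WEB_PORTS = {80, 443}           # the alternative ports the report names

# Constructed connection records: "timestamp src dst proto dst_port" (one per line)
SAMPLE_LOG = """\
2013-12-02T10:05:00 10.20.5.17 10.10.0.5 TCP 443
2013-12-02T10:06:00 10.20.5.17 10.50.1.9 TCP 139
2013-12-02T11:10:00 10.20.5.18 10.50.1.9 TCP 80
2013-12-02T17:05:00 10.20.5.17 10.50.1.9 TCP 139
2013-12-02T17:09:00 10.50.1.9 203.0.113.44 ICMP 0
2013-12-02T17:20:00 10.30.2.2 10.30.2.3 TCP 445
2013-12-02T18:00:00 10.30.2.2 8.8.8.8 ICMP 0
"""


def parse_log(text):
    """Turn the space-separated connection log into dicts with typed fields."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, port = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto,
            "port": int(port),
        })
    return records


def detect(records):
    """Return (kind, src, dst, timestamp) alerts for the two-hop exfiltration pattern."""
    alerts = []
    suspected_dump_servers = set()

    # Pass 1: POS terminals reaching anything other than their approved peers.
    for r in records:
        if r["src"] not in POS_SEGMENT or r["proto"] != "TCP":
            continue
        if r["dst"] in POS_APPROVED:
            continue
        if r["port"] in FILE_SHARE_PORTS:
            kind = "pos_file_share_to_unapproved_host"
        elif r["port"] in WEB_PORTS:
            kind = "pos_web_to_unapproved_host"
        else:
            continue
        alerts.append((kind, str(r["src"]), str(r["dst"]), r["ts"].isoformat()))
        suspected_dump_servers.add(r["dst"])

    # Pass 2: ICMP leaving the network from a host that collected POS traffic.
    for r in records:
        if (r["proto"] == "ICMP" and r["src"] in suspected_dump_servers
                and r["dst"] not in INTERNAL):
            alerts.append(("icmp_egress_from_suspected_dump_server",
                           str(r["src"]), str(r["dst"]), r["ts"].isoformat()))
    return alerts


def dump_server_candidates(alerts):
    """Map each unapproved destination to the number of distinct POS terminals that reached it.
    Fan-in from many terminals to one internal host is the signature of a collection point."""
    sources_by_dst = defaultdict(set)
    for kind, src, dst, _ in alerts:
        if kind.startswith("pos_"):
            sources_by_dst[dst].add(src)
    return {dst: len(srcs) for dst, srcs in sources_by_dst.items()}


if __name__ == "__main__":
    found = detect(parse_log(SAMPLE_LOG))
    for alert in found:
        print(*alert)
    print("fan-in per destination:", dump_server_candidates(found))
```

On the constructed log this raises three POS alerts against 10.50.1.9 (two over port 139, one over port 80) and one ICMP-egress alert from that same host; the unrelated workstation pinging 8.8.8.8 stays quiet because it never received POS traffic. The approved-host list is the part that must be maintained: the rule is only as good as the inventory of what a POS terminal is allowed to reach, which is exactly the firewall-policy and segmentation work listed under Target's lessons learned.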

Lessons learned

As a result of the breach, Target has tried to improve security. A corporate webpage describes changes made by the company regarding their security posture, including the following:

  • Improved monitoring and logging of system activity
  • Installed application whitelisting on POS systems
  • Implemented POS management tools
  • Improved firewall rules and policies
  • Limited or disabled vendor access to their network
  • Disabled, reset, or reduced privileges on over 445,000 Target personnel and contractor accounts
  • Expanded the use of two-factor authentication and password vaults
  • Trained individuals on password rotation

If these changes have been implemented as Target describes, they would help address the weaknesses exploited during the attack.

However, the attackers demonstrated extraordinary capabilities by exfiltrating data from a complex retail network, as noted in this paper (courtesy of Brian Krebs) by Keith Jarvis and Jason Milletary of Dell SecureWorks Counter Threat Unit, which makes their conclusion all the more poignant. "This level of resourcefulness points to the current value for credit-card data in the criminal marketplace," mentions the paper. "And similar breaches will be common until fundamental changes are made to the technology behind payment cards."
