We hosted a webcast a couple of weeks ago in which we shared information about the Target attack, including where the malware used in the attack originated, how the malware works, theories on how the attackers infiltrated Target, and some ideas on how to protect your organization. If you missed the event and would like to access the on-demand recording, visit http://go.alertlogic.com/TargetWebcastRecording.html.
Based on audience Q&A and recent press activity, there’s considerable interest in, and several theories on, how the malware was delivered. One theory we shared was that the attackers gained access through a vendor portal used by suppliers and partners to engage in business with Target. In the past week, there’s been considerable news coverage with more details on this topic, and the research team has continued to follow the online conversations and do their own investigation. Krebs on Security was the first to report that the attackers gained access to the Target network using credentials stolen from an HVAC provider, Fazio Mechanical Services, which has done work in the past for Target as well as other top retailers. Fazio has confirmed that they had a login for electronic billing, contract submission and project management. Fazio has clarified in the statement below (also available on their website) that they didn’t do remote monitoring of Target HVAC systems. We’re sure that more details will emerge over time.