Answer. Yes, Target story does indeed follow the general “ATP kill chain” attack model as clearly elaborated upon in the case study. Attackers started by performing“Reconnaissance”over one of Target’s external heating and ventilation providers, Fazio Mechanical Servicesprobably after prior deep investigation to detectan easy loophole to infiltrate Target’s network for its malicious objectives.Also,Fazio relied onfree version of a security software called, “Malwarebytes Anti-Malware”, whose license explicitly prohibited corporate use; which is a fineexample of Overreliance on knowledge versus intelligence. This information was further used by the attackers to enter the “Weaponization”phase to execute a phishing campaignagainst thisexternal vendorbymeans
…show more content…
NaikPIN numbers were stolen as wellwhichwould have had helped towards stabilising and mitigating the impact;the decision to continue operating stores inspite of breach discovery by Target CEO Gregg Steinhafel on December 12th;poor customer support services through call centres further leadcustomers helpless and unable to protect themselvesdue to lack of information.These were a result of lack on appropriate response strategyindicatingOverreliance on intuition to make security decisions.Q3. What recommendations would you give to the company in order to improve their security operations?Answer. My personal recommendation for the company would be to first of all design an appropriate attack response strategy,protocol in order to better handleany future attacks;improvise on the network segmentation to better safeguard confidential information,act upon system vulnerabilities as soon as reported,include assessment of security implementation by the external vendor’s as part of the pre-requisites before providing them access to Target’snetworkto minimize the attack surface,create a list of approved servers and internet connections Target’s network shouldcommunicate within order to make sureallcracksinsecurity foundationare fixed; prioritizingsecurity reports, alerts by Target’s security teams,their intrusion detection software like the FireEye software, the FireEye Teamby buildingsituationalawareness of the evolving state of attacks
NaikPIN numbers were stolen as wellwhichwould have had helped towards stabilising and mitigating the impact;the decision to continue operating stores inspite of breach discovery by Target CEO Gregg Steinhafel on December 12th;poor customer support services through call centres further leadcustomers helpless and unable to protect themselvesdue to lack of information.These were a result of lack on appropriate response strategyindicatingOverreliance on intuition to make security decisions.Q3. What recommendations would you give to the company in order to improve their security operations?Answer. My personal recommendation for the company would be to first of all design an appropriate attack response strategy,protocol in order to better handleany future attacks;improvise on the network segmentation to better safeguard confidential information,act upon system vulnerabilities as soon as reported,include assessment of security implementation by the external vendor’s as part of the pre-requisites before providing them access to Target’snetworkto minimize the attack surface,create a list of approved servers and internet connections Target’s network shouldcommunicate within order to make sureallcracksinsecurity foundationare fixed; prioritizingsecurity reports, alerts by Target’s security teams,their intrusion detection software like the FireEye software, the FireEye Teamby buildingsituationalawareness of the evolving state of attacks