The compromise of credit card and personal data from the Target attack has been widely reported. You might even be a victim — some of us at Iconix were victims!
The attack has now been traced back to one of Target’s vendors — Fazio Mechanical. Fazio Mechanical has issued a statement in which it explains that its was “the victim of a sophisticated cyber attack operation.” “sophisticated cyber attack operation” — what could that be? The mind conjures up images of a James Bond-like infiltration of their systems. In fact, it was the most reliable trick in the cyber-bad guy book — spearphishing. According the Krebs on Security, the Target breach started with a spearphishing email that was opened by a Fazio Mechanical employee. The email installed malware at Fazio Mechnical which captured Fazio Mechanical’s log in credentials to the Target vendor payment system. Using those credentials, the bad guys logged into Target. From there it was a routine rights escalation exercise for the attackers — eventually stealing personal data of 110 million Target customers.
Cyber attackers must infiltrate systems in order to do their dirty work. The easiest way to infiltrate systems is to exploit the softest target — people. How can an attacker get to the people? Email.
Spearphishers deceive people into making bad email decisions that compromise security. IT needs to help people make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.
You can contact us at 408-727-6342,ext 3 or use our online form.