Dyman & Associates Risk Management Projects: How To Get The Most Out Of Risk Management Spend
Target’s Cyber Security Staff Raised Concerns in Months Before Breach
Target Corp.’s computer security staff raised concerns about vulnerabilities in the retailer’s payment card system at least two months before hackers stole 40 million credit and debit card numbers from its servers, people familiar with the matter said.
At least one analyst at the Minneapolis-based retailer wanted to do a more thorough security review of its payment system, a request that at least initially was brushed off, the people said. The move followed memos distributed last spring and summer by the federal government and private research firms on the emergence of new types of malicious computer code targeting payment terminals, a former employee said.
The suggested review also came as Target was updating those payment terminals, a process that can open security risks because analysts would have had less time to find holes in the new system, the employee said. It also came at a difficult time—ahead of the carefully planned and highly competitive Black Friday weekend that would kick off the holiday shopping period.
It wasn’t clear whether Target did the requested review before the attack that ran between Nov. 27 and Dec. 18. The nature of the feared security holes wasn’t immediately clear, either, or whether they allowed the hackers to penetrate the system.
The sheer volume of warnings that retailers receive makes it hard to know which to take seriously. Target has an extensive cyber security intelligence team, which sees numerous threats each week and could prioritize only so many issues at its monthly steering committee meetings, the former employee said.
Target declined to confirm or comment on the warning.
The breach has caused headaches for Target customers who have dealt with fraudulent charges and have had millions of credit and debit cards replaced by issuers. Investigators and card issuers haven’t quantified damages from the attack.
Scam court email alert
The Business Crime Reduction Centre (BCRC) is warning people about a new email scam that threatens victims with court action.
Fraudsters have been sending out legitimate looking spoofed emails designed to trick recipients into installing malware.
The emails say you have been notified and scheduled to appear for a court hearing and contains specific dates, times, locations and reference numbers.
It asks you to download a copy of the “court notice” attached. The dowloadable.zip file actually contains an. exe file (a file that executes when clicked) containing a virus.
The email has no connection to the Criminal Justice System and anyone receiving the email should not download any attachments or click any links. Report to Action Fraud by using the online fraud reporting tool.
You are likely to see some variations of this email, as it is easy for fraudsters to amend the details and continue targeting people.
BCRC’s cyber security specialist said “the email is difficult to block as the subject headers change frequently.”
He also said: “Provoking a paniked, impulse reaction has become a very common scam technique for cyber criminals. Opening the attachment allows the criminal to spy on the victim, use their computer to commit crime, or steal personal and financial information.”
Dyman & Associates Risk Management Projects: How To Get The Most Out Of Risk Management Spend
By Valerio Anema
Dyman & Associates Risk Management Projects: How To Get The Most Out Of Risk Management Spend
- 426