Discuss case 5.1 BlackPOS Malware Steals Target’s Customer Data. Answer the foll

Question

Discuss case 5.1 BlackPOS Malware Steals Target’s Customer Data.

Answer the following questions that relate to the case:

1. Was cybersecurity a priority at Target? Explain.

2. How did lax security impact Target’s sales revenue and profit performance?

3. According to experts, how was the data breach executed?

4. In addition to the data theft, what else was damaged by this incident?

5. Was this cybersecurity incident foreseeable? Was it avoidable?

6. Why might management not treat cyberthreats as a top priority?

7. Research recent news concerning this data breach. Has Target recovered from it? Explain.

8. Assuming that the CEO and CIO were forced to resign, what message does that send to senior management at U.S. companies?

Black Pos Malware steals Target's customer Data Data Breach Company Profile Hackers installed malware, 2nd gest retail dincounterin he probably bought from a mnal 40 2013 profit dropped 46 and POS terminals to capture data sales revenue fell 5.3% ahnr from credit and debit cards and transmit back to the hackets Extent of the Breach and Costs Personal and financial data from up to 70 million customers slolen igure 5.1 Target data Epimated breach to cost from $400 million to Target is a major discount retailer in the United States (Figure 5.1). Targets agement admitted that 40 million credit and debit card accounts were eposed between November 27 and December 15,2013. During that peak holiday shopping season, hackers captured credit card data from the stores' point-of-sale (POS payment terminals (Figure 5.2) the Target disclosed the breach on December 19, 2013. then on January 10,3 retailer also reported that hackers stole 40 million credit card numbers alang with the personal information of another 70 million customers The incident scael shoppers away affecting the company's profits throughout 2014. HOW THE ATTACK Several experts believe that POS malware bought from the criminal undergosai whose code for malicious are computer program Black POS causes disruption, destruction, or other devious action Malware named tised on is sold on the black market for or more. The malware is Internet underground lorums WAS CARRIED OUT name Dump Maman installed on POs devices is

Explanation / Answer

Answer 1. Cybersecurity was not a priority.They realized it after the POS attack that it is a huge issue that has to be prioritized As soon as possible,making environment secure and safe.the environment was secure and safe by six o'clock at night.Target eliminated the malware in the access point ,they were very confident that on coming monday guets could come to target and shop with confidence and with no risk,"Steinhafel told CNBC .Steinhafel's comments to CNBC appear to be more of a public relations account of the timeline rather than words coming from Target's security team,which is not shocking.Depending on how many systems were compromised,remediating the malware infections across many systems in may locations across the country would likely be a significant undertaking.

Answer 2. Target released its fourth quarter earnings,posting fourth qaurter revenue of $21.5 billion,a 3.8% fall over the same time last year but ,somewaht surprisingly, a figure that edged above street expectations of $21.45 billion.Fourth quarter net income plummeted 46% to $520 million,resulting in earning of 81 cents per share.This too,beat the analyst consensus,which was calling for earnings of 79 cents per share.

These results bring Target's full year 2013 results into focus,and these were also marked by declines that can be attributed to both the data the data breach and a disappointing performance in its Canadian segment.Target's full yar 2013 revenue increased 0.9% to $72.6 billion,while full year profit fall 34% to $1.97 billion.

Answer 3. Kaptoxa malware infected Target POS machines,security researchers say.The malware reportedly includes some Russian language tags,and was also used in a smaller series of apparent trial attacks last year,after which stolen data appeared on Eastern European cybercrime forums.Those facts have led some investigators to surmise that whoever attacked Target might be operating from either Russia or former Soviet satellite .After somehow hacking into Target and infecting POS terminals with Kaptoxa ,Target's attackers then employed a two-stage attack "First the malware that infected Target's checkout counters(POS) extracted credit numbers and sensitive personal details,"Aviv Raff ,CTO of Israel-based cyber security technology company Seculert,said in a blog post."Then ,after staying undetected for six days,the malware started Transmitting the stolen data to an external FTP server,using another infected machine within the Target network".

The malware transmitted batched information up to three times per day-but only after checking the compromised system system to see if the time was between 10:00a.m and 5:00 p.m.If so,the malware would create a temporary NetBIOS share and connect to another internal ,compromised system,from which FTP transfer then occured, Wired reported.

On Dec 2,and continuing for two weeks,the FTP server began receiving several transmission per day of batched ,stolen information.Also begining on Dec 2, the attckers "used a V.P.N Located in Rusiia to download the stolen Data from FTP.

Answer 4. Cyber thieves executed a successful cyber attacks against Target,one of the largest retail companies in the US.The attackers surreptitiously gained access to Target's computer network,stole the financial and personal information of as many as 110 millions Target customers,and then removed that sensitive information from the Target's network to a server in Eastern Europe.This report presents an explanation of how the target breach happened,based on media reports and expert analysis that have been published since Target publicity acknowledge this breach on December 19,2013.

Answer 5. Unfortunately ,those attack methods don't appear to point to any specific cybercrime gang.We haven't seen this specific VPS before,"Raff said via email." However ,VPS are usually used by attacker as a proxy to hide their real IP address, so the attackers may have been using different VPS hosting over time." While the stolen Target information no longer resided on the Russian server that Seculert found,a review of publicity accessible logs for the server shows that only IP addresses from Target had connected to the FTP server."So far there is no indication of any relationship to the Neiman Marcus attack," Raff said.

Answer 6 According to a Target,Our top priority is taking care of our guests.THey should feel confident about shopping at Target.We work hard to protect their information.But the reality is we experienced a data breach.Our guests expect more and we are working hard to do better.We know this shaken their confidence and we intend to earn it back.We are further strengthening our data security based on learnings from an end to end review of our systems.We are out finished with that review,and addiontal facts may effect our findings,but we are certainly developing a clearer picture of events and want to share with some key facts we have learned like any large business,we log a significant number of technology activities in our system more than 1 billion on average each day.These activities range from relatively insignificant ,such as a team member logging onto a laptop,to more significant ,such as removal of a virus from computer.

Answer 7. Target continues to struggle to bounce back from a massive security breach last year,but its latest earning report released wednesday morning shows that the shopping habits of low and middle income consumers may be a bigger problem.Chief financial officer John Mulligan said that the "vast majaority " of Target shoppers who came to the store before the breach have returned to their stores,a sign that the company is slowly rebuilding trust after the cyberattack exposed millions of customers' credit cards data.But Mulligan noted that its shoppers have remained deal conscious and cautious about spending money amid the tepid economic recovery. That forced the Minneapolis based company to offer more discounts in the second quarter than it planned to,which in turn ate into its profit margins.

Target's Revenue increased 1.7 % in the second quarter to $17.4 billion,but profit plunged nearly 62% to $234 million.

Answer 8 Target's CEO Gregg Steinhafel ,a 35 year employee of the company with the last six at the helm,resigned in the light of the recent holiday season credit card security breach that affected 40 million consumers.While many speculate about the reasons for his sudden departure,Target's foray into Canada has not been particularly successful as well,and it's likely that the data breach incident provided the addional impectus required for the board to request his resignation.Target also replaced their CIO with Bob DeRodes,an executive with a very strong background in information security.The Target board of directors was also under significant pressure. A proxy firm,Institutional Shareholder Services ,had recommended that investors of seven board members.The firm said the board failed to protect the company from last year's data breach.The board members were able to convince shareholders to re-elect themhowever ,although the message to them was clear that future data security breaches were considered to be their responsibility.

This should be harbinder for CEOs and board members of companies large and small. The costto Target TGT+0.78% for the data will be in the billions by most estimates. Evenfor CEOs who do not report to outside boards,the cost of a significant data breach ,particularly if not covered by insurance,could cost them their company.

Related Questions

Navigate

• Browse (All)
• Browse D
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.