Ira Winkler is a very well known champion in the security arena who is super busy, yet he still found time to write this article on ComputerWorld about the 6 Failures of Target.
To summarize the article: there wasn’t just a single point of failure that was vulnerable.
- The network was not properly segregated, so PCI systems and non-PCI systems were commingled, which allowed someone with no need to know (the HVAC contractor) to reach PCI systems.
- Once logged in, the attacker(s) probed the network, which an IDS would have been able to detect, or at least log.
- Analysis shows the POS systems were infected worm style; network monitors should have picked that up.
- POS systems support application whitelisting; since the malware still ran, whitelisting was not enabled.
- To get the information out of Target, internal systems were hacked to store the data that was being stolen, AND
- network lines weren’t monitored for DLP as the stolen data was transmitted out.
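Three of those failures (segmentation, probing, unmonitored egress) are the kind of thing a plain flow-log check would surface. The script below is an added example, not code from Winkler's article or from this post, and it assumes a constructed address plan (a PCI segment, a non-PCI vendor segment, one approved external destination), a constructed flow-log line format, and made-up alert thresholds; none of these come from the page. It flags non-PCI hosts connecting into the PCI segment, a single source touching many PCI hosts, and a PCI host pushing a large volume to an unapproved outside address.

```python
import ipaddress
from collections import defaultdict

# Constructed address plan (assumption; the page gives no real network details).
PCI_SEGMENT = ipaddress.ip_network("10.20.0.0/16")      # POS / cardholder-data hosts
NON_PCI_SEGMENT = ipaddress.ip_network("10.50.0.0/16")  # vendor / HVAC / corporate hosts
ENTERPRISE = [PCI_SEGMENT, NON_PCI_SEGMENT]             # everything "inside"
# Outside destinations the PCI segment may talk to (constructed, TEST-NET-3 address).
APPROVED_EGRESS = {ipaddress.ip_address("203.0.113.10")}
EGRESS_BYTES_THRESHOLD = 5_000_000  # bytes from one PCI host to one unapproved destination
PROBE_TARGET_THRESHOLD = 5          # distinct PCI hosts touched by one source

# Constructed flow-log lines, one flow per line (not real Target data).
SAMPLE_LOG = """\
2013-12-02T03:14:07Z src=10.50.3.7 dst=10.20.1.11 dport=445 bytes=1200
2013-12-02T03:14:08Z src=10.50.3.7 dst=10.20.1.12 dport=445 bytes=1200
2013-12-02T03:14:09Z src=10.50.3.7 dst=10.20.1.13 dport=445 bytes=1200
2013-12-02T03:14:10Z src=10.50.3.7 dst=10.20.1.14 dport=445 bytes=1200
2013-12-02T03:14:11Z src=10.50.3.7 dst=10.20.1.15 dport=445 bytes=1200
2013-12-02T03:14:12Z src=10.50.3.7 dst=10.20.1.16 dport=445 bytes=1200
2013-12-02T03:20:00Z src=10.20.1.11 dst=203.0.113.10 dport=443 bytes=48000
2013-12-02T03:25:00Z src=10.20.1.11 dst=198.51.100.77 dport=21 bytes=9800000
2013-12-02T03:26:00Z src=10.50.9.2 dst=10.50.9.3 dport=80 bytes=3400
"""


def parse_flows(text):
    """Parse 'ts key=value ...' lines into dicts with typed addresses and ints."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        flows.append({
            "ts": ts,
            "src": ipaddress.ip_address(kv["src"]),
            "dst": ipaddress.ip_address(kv["dst"]),
            "dport": int(kv["dport"]),
            "bytes": int(kv["bytes"]),
        })
    return flows


def segmentation_violations(flows):
    """Flows crossing from the non-PCI segment into the PCI segment (should be zero)."""
    return [f for f in flows if f["src"] in NON_PCI_SEGMENT and f["dst"] in PCI_SEGMENT]


def probing_sources(flows, threshold=PROBE_TARGET_THRESHOLD):
    """Sources that touched at least `threshold` distinct PCI hosts: sweep behaviour."""
    targets = defaultdict(set)
    for f in flows:
        if f["dst"] in PCI_SEGMENT and f["src"] != f["dst"]:
            targets[f["src"]].add(f["dst"])
    return {str(src): len(hosts) for src, hosts in targets.items() if len(hosts) >= threshold}


def is_internal(addr):
    return any(addr in net for net in ENTERPRISE)


def suspicious_egress(flows, threshold=EGRESS_BYTES_THRESHOLD):
    """PCI hosts sending more than `threshold` bytes to an unapproved outside destination."""
    totals = defaultdict(int)
    for f in flows:
        if f["src"] in PCI_SEGMENT and not is_internal(f["dst"]) and f["dst"] not in APPROVED_EGRESS:
            totals[(f["src"], f["dst"])] += f["bytes"]
    return {(str(s), str(d)): b for (s, d), b in totals.items() if b > threshold}


def run(text=SAMPLE_LOG):
    """Run all three checks over a flow log and return a summary."""
    flows = parse_flows(text)
    return {
        "segmentation_violations": len(segmentation_violations(flows)),
        "probing_sources": probing_sources(flows),
        "suspicious_egress": suspicious_egress(flows),
    }


if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

Thresholds and the approved-destination list are deliberately explicit so they can be tuned per environment; the point is that each check needs only flow metadata, which is exactly what a network monitor or DLP tap on the PCI boundary would already have.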