Target’s data breach last December was the second largest in U.S. history, with more than 100 million people affected. Now it is reported that the huge hacking attack may have started with just one email.
KrebsOnSecurity has published a report that the hackers accessed Target’s network by using authentication gained from a heating and ventilation subcontractor.
The contractor, once infected by malware spread by the attackers, left the virus undetected due to its anti-malware protection being a scan-only program with no preventative firewall.
When an order was placed by Target, the vendor had to log into a Target portal to confirm, connecting the two systems and spreading the infection.
Krebs states that the hackers may not have initially made Target its primary goal, but sent malicious emails out ‘like a shotgun blast’ to see who would be infected. Once the contractor had been infected and then spread the malware to Target, the hackers went to work.
Target made the job no harder, too, according the report, with easy to glean domain names and user info posted onto its dedicated websites. Investigations into the breach continue.