
Anatomy of a Cyber Attack

Between November 27th, 2013 and December 15th, 2013, over 40 million credit and debit card details were compromised and around 70 million confidential customer records were copied from the servers of Target (a massive US retailer). So how did this happen and how could it have been prevented? What lessons can be learned to prevent smaller businesses, which may be less equipped, from falling victim to this type of attack?

Target was deliberately attacked by cyber criminals who had been exploring potential vulnerabilities. Search engines provided valuable information and resources for the criminals including:

  • Target’s vendor portal
  • Target’s vendors
  • Target’s case study on Microsoft’s website

While Target’s IT team would have implemented security controls for the organisation, these would not prove to be sufficient against dedicated individuals seeking to exploit a vulnerable supply chain with unfettered access to Target systems.

Microsoft had published a detailed Case Study concerning Target’s use of technology throughout the organisation, highlighting the communication between sites and central management of services and devices.

The cybercriminals researched the vendors relied upon by Target who would have access to Target’s vendor portal. The vendor identified and exploited by the criminals in this instance was an HVAC supplier, “Fazio Mechanical”. An email containing malicious software was sent prior to the breach, and this software stole credentials used to access Target’s online vendor portal.

Fazio Mechanical’s credentials were exploited and, once past Target’s “Boundary” security protocols, the criminals moved laterally through the network using common network tools to perform reconnaissance.

From here, custom malware was deployed to point-of-sale (POS) systems, where it remained undetected until after the campaign. This software proceeded to gather credit card information, saving it to small data files shared throughout the network. Once enough of this data was gathered, the criminals retrieved it using the default username and password for the performance monitoring and analysing software managing Target’s servers.
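One way a defender could hunt for staged card-data files like those described above is to scan shared storage for Luhn-valid card numbers. This is an added example, not code from the original article or from Target; the file names and contents are constructed, and the card numbers are public test numbers.

```python
import re

# 13-19 digits, each optionally followed by one space or dash, not embedded
# in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first six and last four digits so reports never hold a full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_card_numbers(data: bytes) -> list[str]:
    """Return masked, Luhn-valid card numbers found in raw file content."""
    hits = []
    for match in PAN_CANDIDATE.finditer(data.decode("latin-1")):
        digits = re.sub(r"[ -]", "", match.group())
        # Reject trivial runs such as all zeros, which also pass Luhn.
        if len(set(digits)) > 1 and luhn_valid(digits):
            hits.append(mask(digits))
    return hits


def scan_files(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each file name to its hits, omitting clean files."""
    report = {name: find_card_numbers(body) for name, body in files.items()}
    return {name: hits for name, hits in report.items() if hits}


# Constructed sample content; the card numbers are public test numbers.
SAMPLE_FILES = {
    "share/tmp_0412.dat": b";4111111111111111=25121010000?\n5555 5555 5555 4444\n",
    "share/orders.log": b"order 1234567890123456 shipped\nref 0000000000000000\n",
    "share/readme.txt": b"Store opening hours: 0800-2200\n",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(name, hits)
```

The Luhn check is what keeps order references and other long digit strings from flooding the report; only the first sample file is flagged.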

This resulted in massive repercussions for Target, its customers, employees, and banks. As well as the CEO and CIO losing their jobs, directors were threatened with removal and banks refunded more than $200 million for cards and refunds. Profits dropped 46% in the fourth quarter of 2013 during the historically lucrative holiday season.

Both Target and Fazio Mechanical had passed PCI compliance audits and checks and were certified against these regulations prior to the attack. While individual measures could have protected against a brute force attack, this directed attack would have required a more comprehensive approach.

Preventing an attack like this.

 

Mail Filtering

Fazio Mechanical could have been protected from the malicious email through mail filtering which would have prevented the rogue sender from having their email received.

User Awareness

User awareness training for Fazio Mechanical would have ensured knowledge of phishing attacks and the dangers of credential exposure resulting in a reduced likelihood of divulging these.

Anti-Malware

An effective anti-malware agent may have detected and removed the software which compromised their credentials for Target’s vendor portal.

Multi-Factor Authentication

Target’s vendor portal could have been enabled for multi-factor authentication, adding an extra layer of verification for vendors accessing Target’s portal.

Whitelisted Applications

A secure whitelist of approved applications would have potentially prevented the installation of unknown software agents, protecting the POS endpoints.

Point to Point Encryption

Encrypting data between the PIN pad and the decryption environment would have prevented credit and debit card data being scraped when stored in POS memory during transactions.

Privilege Management

Administrative accounts should be securely locked down and not used for anything other than administrative purposes. Access, passwords and users should be monitored and logged. This could have prevented remote use and access for general purposes.

Protecting any company from a targeted criminal attack requires a multi-layered, holistic approach to security. As highlighted in the Target scenario, the supply chain must be evaluated when considering IT and data security, as anyone with access could be compromised.

The UK Government and National Cyber Security Centre have produced guideline measures in the form of Cyber Essentials. Companies can self-evaluate against these, certify with a Certification Body to prove their commitment, or align themselves with a supporting IT company to help them through the process towards embedding security more deeply into the organisation.

20/08/2018

IT Support, Case Study
