There were several breakdowns in Target’s security operations. First, the security system was not compliant with the latest standards, nor was the architecture robust enough: too many systems were chained together without defenses between them. Second, Target did not make the changes that were suggested to them on multiple fronts, but instead either ignored them completely or did not implement a plan that would last long. Third, the response to the multiple warnings, from both the monitoring system and the security teams, was not enough in comparison to the severity of the warnings. Like most organizations, Target could not predict the kind of attack that would be executed on them; however, had they responded to any of these problems directly and more carefully, they could have stopped the breach much sooner.

3. The first thing I would recommend to the company would be to at least implement the standards and known issues. Yes, the main point of APTs is to constantly attack, adapt, and repeat until breach, but having established protocols in place would help Target to be less vulnerable by default. Second, I would make sure that there are established security “check points” at all levels of system interaction or transactions. The check points should be robust enough to stop anything that is not explicitly correct. And lastly, I think Target should make sure that there is a proper response workflow for every point of the APT kill chain...this way, although the APT