- Jul 27, 2015
- 5,458
Quote: " The bigger the business, the more suppliers. And more internet-connected devices everywhere means cybercriminals have more ways in.
In this episode, Eliza-May Austin, CEO and co-founder of cybersecurity start-up th4ts3cur1ty.company (That Security Company,) explains how cybercriminals stole 40 million people’s card details from US retail giant Target with an attack that began in their air conditioning system. You read that right. It started with an employee at Target’s air conditioning supplier clicking a link in a phishing email, injecting malware into their system. Target had remote access to monitor their air conditioning units, and that remote access was through the same network where cybercriminals could access personal data. They got inside point-of-sale devices and pulled customer card details from the machine’s memory. The attack cost Target some 61 million US dollars.
These kinds of attacks aren’t new, but they’re becoming more common and harder to detect. Apple and computer hardware makers ASUS are among those who’ve been targeted. Energetic Bear was a significant attack on critical energy infrastructure. Cybercriminals began the attack with spear phishing – targeting specific people with customized emails and making a hit list of potentially vulnerable suppliers. In 2017, Kaspersky researchers discovered a ‘backdoor’ (dubbed ShadowPad) in server management software hundreds of large businesses use. When activated, the backdoor let attackers download malicious modules and steal data. The researchers notified the suppliers, NetSarang, who pulled down the compromised software and replaced it with an earlier clean version. Sometimes, there is no clean version. Noushin Shabab, Senior Security Researcher at Kaspersky, explains how supply chain attacks can start as software is being developed. “Cyberattackers compromise software by getting inside software used by developers – the development environment. That way malicious code can end up on many businesses’ networks.” "
Full source:
Tomorrow Unlocked by Kaspersky – Documentary films about our technology futures
Thought-provoking stories about how technology helps us create a better future. From real-life cybercrime to defending our online lives.
www.tomorrowunlocked.com