It’s the signature move of a smart hacker; use one vulnerable point of entry on an interconnected system, then go after your real target. Now it seems one unfortunate HVAC maintenance man was used as the hacker’s pawn in the Target data breach scam.
Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems, was given access to a Target database so the company could remotely login and perform efficiency updates. After stealing one Fazio worker’s credentials, the hackers used this digital pathway to insert the destructive malware, reported security blogger Brian Krebs.
Target said last week their ongoing investigation into the breach revealed a “third party vendor” was used to gain access, which is a standard move for hackers, David Kennedy, TRUSTEDSEC founder and security consultant, told TheBlaze. When multiple systems are linked, like a heating and air conditioning system and a credit card processing system, as long as a hacker can access a single point in the network, they can likely reach all the interconnected data.
“There is a data hub that handles all of those interconnections, and hackers can ride the trusted connections and pivot to other systems – it’s a very common practice,” Kennedy added.
Click headline to read more–
This is Fascinating…The idea that an HVAC contractor inadvertently contributed to one of the largest Data Breach incidents is completely unpredictable.