Invitation to Cybersecurity

log in to many different high-value websites such as banks and email accounts hoping to find a match.

Figure 4.3 THC Hydra, a hacking tool for password guessing.

All of the credential stealing attacks mentioned in this section can be mitigated with multi-factor authentication (MFA). MFA does not rely solely on passwords for authenticating users. MFA will be discussed more in Chapters 8 and 9.

4.1.2.4 Supply Chain Attacks

“The attackers reportedly first gained access to Target’s system by stealing credentials from an HVAC and refrigeration company, Fazio Mechanical Services, based in Sharpsburg, Pennsylvania. This company specializes as a refrigeration contractor for supermarkets in the mid-Atlantic region and had remote access to Target’s network for electronic billing, contract submission, and project management purposes.”
- A “Kill Chain” Analysis of the 2013 Target Data Breach by the United States Senate Committee on Commerce, Science, and Transportation

Supply chain attacks focus on first compromising a supplier of the target and then using the supplier to gain access to the target. Because a trust relationship exists between an organization and its suppliers, the supplier may have some privileged access to the target,
