Target Third-Party Take-Down
In 2013, attackers lifted an unheard-of 40 million credit and debit cards from retail megachain Target's point-of-sale systems. Ferrara puts the breach in his top not just for the "devastating" scope of the damage, but because it showed just how dangerous an unwary business partner can be.
Investigators suspect the attackers initially gained access to Target's network using credentials obtained from heating, ventilation, and air-conditioning subcontractor Fazio Mechanical Services via a phishing email that included the Citadel Trojan.
Even if a retail giant makes certain every one of its greeters is as well-trained in social engineering defense as they are in saying "welcome to Target," it isn't entirely safe from phishermen. Target served as a lesson to require better security from third-party contractors and to limit the network access those parties are provided.
(Image: "target," by Mike Mozart, via Flickr.)