Target HVAC Vendor Breach (2013): Convergence Through Building Automation

Victim: Target
Attacker/Malware: Rescator’s Malware
Industry: Retail
Estimated Cost: $309M cost, 40M credit cards leaked
Primary Attack Vector: Unsecured Maintenance Remote Access
Prevention Failure: Weak Credentials, Lack of IT/OT Segmentation, Alert Fatigue
BlastWave Solution: Passwordless Secure Remote Access and Segmentation

Kill Chain Analysis: Third-Party Credential Pivot

The 2013 Target breach is a classic case study in third-party risk and IT/OT convergence failure, resulting in over $309 million in total costs and the theft of 40 million credit card accounts.

Attackers initially gained access using stolen network credentials belonging to an external Heating, Ventilation, and Air Conditioning (HVAC) vendor. This vendor’s access point (the Building Automation System (BAS)) was a forgotten entry point, a bridge between the vendor and the corporate network. Once inside the BAS, the attackers leveraged this access point to pivot laterally into Target’s core IT infrastructure, specifically targeting the sensitive payment processing systems. The attack was detected, but was dismissed due to alert fatigue.

BlastWave Prevention Analysis: Isolating Third-Party Access to Specific Functions

The incident demonstrates that Building Automation Systems are critical components of the corporate network that are often inadequately secured, creating dangerous convergence points.

The HVAC vendor needed access only to a specific set of temperature controls. BlastWave enforces that the vendor’s connection is limited exclusively to the specific BAS controller or system they need to manage. This access is strictly confined, cloaking the rest of the network, including the payment card data environment.

Because the vendor’s endpoint identity is authorized only to communicate with the BAS and nothing else, lateral movement from the BAS network into the retail IT network becomes impossible, preventing a catastrophic compromise.
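The default-deny, per-identity scoping described above can be sketched as a generic flow audit. This is an added example, not BlastWave's implementation and not data from the incident; the identity names, zone ranges and flow records are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption, not taken from the incident).
ZONES = {
    "bas": ipaddress.ip_network("10.50.0.0/24"),
    "corp_it": ipaddress.ip_network("10.10.0.0/16"),
    "pci_cde": ipaddress.ip_network("10.20.0.0/24"),
}

# Per-identity allowlist of (destination network, protocol, port).
# Anything not listed is denied, including other hosts in the BAS zone.
POLICY = {
    "hvac-vendor": [(ipaddress.ip_network("10.50.0.15/32"), "tcp", 443)],
}

@dataclass(frozen=True)
class Flow:
    identity: str
    dst: str
    proto: str
    port: int

def zone_of(addr):
    """Name the zone an address falls in, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "unknown")

def is_allowed(flow):
    """True only if the identity has an entry matching destination, protocol and port."""
    ip = ipaddress.ip_address(flow.dst)
    return any(ip in net and flow.proto == proto and flow.port == port
               for net, proto, port in POLICY.get(flow.identity, []))

def audit(flows):
    """Return (flow, destination zone) for every flow the policy would deny."""
    return [(f, zone_of(f.dst)) for f in flows if not is_allowed(f)]

# Constructed flow records.
SAMPLE_FLOWS = [
    Flow("hvac-vendor", "10.50.0.15", "tcp", 443),   # the one controller: allowed
    Flow("hvac-vendor", "10.50.0.16", "tcp", 443),   # another BAS host: denied
    Flow("hvac-vendor", "10.10.4.20", "tcp", 445),   # corporate IT: denied
    Flow("hvac-vendor", "10.20.0.8", "tcp", 1433),   # payment environment: denied
    Flow("unknown-id", "10.50.0.15", "tcp", 443),    # no policy entry: denied
]

if __name__ == "__main__":
    for flow, zone in audit(SAMPLE_FLOWS):
        print(f"DENY {flow.identity} -> {flow.dst}:{flow.port}/{flow.proto} (zone: {zone})")
```

Run against real flow logs, any denied record whose zone is outside the BAS segment is a direct indicator of the vendor-to-IT pivot this case study describes.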

Take the Next Step

Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.

BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.
