HOME DEPOT DATA BREACH
On September 8th, 2014, Home Depot released a statement indicating that its payment card systems had been breached.
The malware captured credit and debit card information for 56 million customers. The hardware and building supply retailer announced in September that its POS systems had been infected with malware. The company later said an investigation concluded that a “unique, custom-built” malware had been used, which posed as anti-virus software.
The attackers infiltrated the POS networks and stole payment card data. They gained access to one of Home Depot’s vendor environments by using a third-party vendor’s logon credentials, then exploited a vulnerability in Windows that allowed them to pivot from the vendor-specific environment to the Home Depot corporate environment.
Once inside the Home Depot network, they installed memory-scraping malware on over 7,500 self-checkout POS terminals. This malware captured 56 million credit and debit cards and 53 million email addresses. The stolen payment cards were put up for sale and bought by carders; the stolen email addresses were useful for assembling large phishing campaigns.
Solutions-
1) Point to Point Encryption-
Point-to-point (P2P) encryption encrypts card data at the point of swipe when a credit or debit card is used. For debit cards, it even encrypts the 4-digit PIN the customer enters. All of this is done before the data reaches the terminal's memory, which prevents the data from being captured there by memory-scraping malware.
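The difference this makes to a memory scraper can be checked directly. The following is an added example, not part of the original post and not Home Depot's or any vendor's code: a constructed track-2-style swipe record is placed in a simulated application buffer either in cleartext or after point-of-swipe encryption, and a PCI-style scan then looks for Luhn-valid card numbers in each buffer. The encryption helper is an illustrative HMAC-based keystream, not a real P2PE scheme (real terminals derive per-transaction keys inside tamper-resistant hardware); the key, nonce and test card number are constructed values.

```python
import hashlib
import hmac
import re

# Constructed sample data (not from the breach): a standard test card number
# and a track-2-style swipe record as a terminal holds it before encryption.
TEST_PAN = "4111111111111111"
SWIPE_RECORD = f";{TEST_PAN}=2512101?".encode("ascii")

# Hypothetical terminal key and per-swipe nonce (constructed). Real P2PE
# terminals derive per-transaction keys in hardware; this HMAC keystream is
# only a stand-in so the example runs with the standard library.
TERMINAL_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)
SWIPE_NONCE = b"constructed-nonce-01"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes by HMAC-ing nonce||counter with the key."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        out.extend(block.digest())
        counter += 1
    return bytes(out[:length])


def encrypt_at_swipe(record: bytes, key: bytes, nonce: bytes) -> bytes:
    """XOR the swipe record with the keystream; the same call decrypts."""
    ks = keystream(key, nonce, len(record))
    return bytes(a ^ b for a, b in zip(record, ks))


def luhn_ok(digits: str) -> bool:
    """Standard Luhn check used to tell card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


PAN_RUN = re.compile(r"[0-9]{13,19}")


def scan_for_pans(buf: bytes) -> list[str]:
    """Return Luhn-valid 13-19 digit runs found in a raw memory buffer."""
    text = buf.decode("latin-1")
    return [m.group(0) for m in PAN_RUN.finditer(text) if luhn_ok(m.group(0))]


# Simulated application memory under each design.
CLEARTEXT_BUFFER = b"pos-app-heap:" + SWIPE_RECORD + b":end"
ENCRYPTED_BUFFER = (
    b"pos-app-heap:"
    + encrypt_at_swipe(SWIPE_RECORD, TERMINAL_KEY, SWIPE_NONCE)
    + b":end"
)

if __name__ == "__main__":
    print("cleartext design, PANs found in memory:", scan_for_pans(CLEARTEXT_BUFFER))
    print("P2PE design, PANs found in memory:", scan_for_pans(ENCRYPTED_BUFFER))
```

The same `scan_for_pans` routine is the kind of check an assessor runs over a memory dump of a real terminal or POS application to confirm that no cleartext card numbers are present after a P2PE rollout; a hit means the encryption is happening too late in the data path.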
2) Network Segregation-
The POS network should be properly segregated from the rest of the corporate network. Private VLANs are the usual tool for this countermeasure: using a network switch, you can place the devices on the POS network into their own VLAN, with a filtering policy that allows the POS VLAN to reach only the payment processing hosts it needs.
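Segmentation is only as good as the policy enforced between the VLANs, so it helps to audit flow logs for traffic the policy should have blocked. The following is an added example, not from the original post and not Home Depot's code: it assumes a hypothetical addressing plan (POS VLAN in 10.50.0.0/16, corporate in 10.10.0.0/16, a single payment switch at 10.200.1.10) and a constructed flow-log format, then flags every allowed flow that crosses into or out of the POS VLAN outside that policy.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical addressing plan (constructed for this example).
POS_SUBNET = ipaddress.ip_network("10.50.0.0/16")
CORP_SUBNET = ipaddress.ip_network("10.10.0.0/16")
PAYMENT_SWITCH = ipaddress.ip_address("10.200.1.10")
# The only egress a POS terminal legitimately needs: the payment switch over TLS.
ALLOWED_POS_EGRESS = {(PAYMENT_SWITCH, 443)}


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    action: str  # what the switch/firewall actually did: "allow" or "deny"


def parse_flow(line: str) -> Flow:
    """Parse one line of the constructed log format: '<src> <dst> <dport> <action>'."""
    src, dst, dport, action = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), action)


def is_permitted(flow: Flow) -> bool:
    """Segmentation policy: POS hosts talk only to the payment switch,
    and nothing initiates connections into the POS VLAN."""
    if flow.src in POS_SUBNET:
        return (flow.dst, flow.dport) in ALLOWED_POS_EGRESS
    if flow.dst in POS_SUBNET:
        return False
    return True  # traffic that never touches the POS VLAN is out of scope here


def find_violations(lines) -> list[Flow]:
    """Return flows the network allowed but the policy says should have been blocked."""
    violations = []
    for line in lines:
        flow = parse_flow(line)
        if flow.action == "allow" and not is_permitted(flow):
            violations.append(flow)
    return violations


# Constructed sample flow log.
SAMPLE_LOG = [
    "10.50.3.21 10.200.1.10 443 allow",  # POS -> payment switch: permitted
    "10.50.3.21 10.10.5.40 445 allow",   # POS -> corporate file share: violation
    "10.10.7.12 10.50.3.21 3389 allow",  # corporate host -> POS terminal: violation
    "10.10.7.12 10.50.3.22 3389 deny",   # same attempt, correctly blocked
    "10.50.3.22 8.8.8.8 53 allow",       # POS -> internet DNS: violation
    "10.10.7.12 10.10.5.40 445 allow",   # corporate -> corporate: out of scope
]

if __name__ == "__main__":
    for v in find_violations(SAMPLE_LOG):
        print(f"segmentation violation: {v.src} -> {v.dst}:{v.dport}")
```

Run against real flow records (NetFlow, firewall or switch ACL logs) with the site's own subnets substituted, the same check shows whether the private VLAN actually isolates the terminals or whether a corporate host can still open a session to a register.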
3) Managing Third Party Vendor Credentials -
The principle of least privilege needs to be applied. All third-party vendors should be allowed only the minimal access needed to perform their tasks and should be denied access to internal resources unless required.