ANT- HOME DEPOT BREACH
HOME DEPOT DATA BREACH-
On September 8th, 2014, Home Depot announced that its POS (point-of-sale) system had been breached.
Malware on the POS systems captured the credit/debit card details of about 56 million customers across the United States. The home improvement retailer confirmed in September that its POS systems had been infected, and later said its investigation showed the malware was custom-built for Home Depot's environment and disguised as antivirus software.
The attack did not start at the POS. The attackers first used the login credentials of a third-party vendor to get into one of Home Depot's vendor environments. From there they exploited a Windows-specific vulnerability that let them pivot out of the vendor environment into the corporate network and on to the POS systems.
Once inside the Home Depot network, they installed memory-scraping malware on over 7,500 self-checkout POS terminals. A memory scraper reads the POS process's RAM, where card data sits in plaintext for the moment it is being processed. This malware harvested over 56 million credit and debit card records and also collected 53 million email addresses. The card data was put up for sale and bought by carders; the email addresses were useful for building large phishing campaigns.
Two weaknesses made this possible: card data was present in POS memory in plaintext, unencrypted, where the scraper could read it, and there was barely any network segregation between the vendor environment, the corporate network and the POS network.
Solutions-
1) Point to Point Encryption-
Home Depot rolled out EMV chip-enabled card readers soon after the breach as an additional layer of security. Note the limit of that measure: EMV makes stolen data much harder to use for counterfeit cards, but it does not by itself stop a memory scraper from reading the card number. Point-to-point encryption (P2PE) addresses that directly. The card data (account number and track data) is encrypted inside the reader's tamper-resistant hardware the moment the card is swiped or dipped, before it ever reaches the POS application's memory, and is only decrypted at the payment processor. (The PIN is already protected separately, as an encrypted PIN block produced by the PIN pad; P2PE is about the account data.) A scraper reading POS memory then sees only ciphertext, so there is nothing useful to gather.
2) Network Segregation-
The corporate network and the POS network should be properly segregated, and the vendor environment kept apart from both. VLANs on the network switches can put POS devices into their own segment, but a VLAN alone is not segregation: traffic between VLANs must pass through a firewall or ACL that allows only the flows the POS actually needs (for example to the payment gateway) and denies everything else, including connections from vendor and corporate hosts.
3) Managing Third Party Vendor Credentials -
Third-party vendors should be given only the least privilege needed to do their tasks: individual, named accounts rather than shared credentials, access scoped to the vendor environment alone, multi-factor authentication, and removal of the account when the engagement ends. They should be denied access to internal corporate resources unless required, and their logins should be monitored so that a vendor credential used from an unexpected place stands out.
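As an added example (not code from the original post), here is a Python sketch of both sides of point 1: what a RAM-scraping sample hunts for in POS process memory (Track 2 data, confirmed with a Luhn check so random digit runs are ignored), and why encrypting at the reader leaves it nothing to find. The memory buffers are constructed, the PANs are the public test card numbers, and the reader encryption is a stdlib HMAC-SHA256 keystream standing in for the AES/DUKPT a real P2PE reader uses; key and nonce handling are assumptions for the demo.

```python
import hashlib
import hmac
import re

# Track 2 layout as it sits in POS memory: PAN, '=' separator, expiry YYMM,
# 3-digit service code, discretionary data. RAM scrapers, and the memory
# forensics tools that hunt for their prey, search for exactly this shape.
TRACK2_RE = re.compile(rb"(?<![0-9])([0-9]{13,19})=([0-9]{2})([0-9]{2})[0-9]{3}[0-9]*")


def luhn_ok(pan: str) -> bool:
    """Luhn check digit; drops digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scrape_track2(memory: bytes) -> list:
    """What a memory scraper (or a defender's memory scan) does: find Track 2
    records in a process memory buffer and keep only Luhn-valid PANs."""
    hits = []
    for m in TRACK2_RE.finditer(memory):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"pan": pan, "exp": m.group(3).decode() + "/" + m.group(2).decode()})
    return hits


def reader_encrypt(track: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stand-in for the encryption a P2PE card reader performs in its secure
    hardware before handing data to the POS. Real readers use AES under
    DUKPT-derived per-transaction keys; this HMAC-SHA256 counter-mode keystream
    is a stdlib-only substitute (assumption) so the example runs anywhere.
    XOR with a keystream is symmetric, so the same call decrypts."""
    out = bytearray()
    for block_no in range((len(track) + 31) // 32):
        ks = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = track[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


# Constructed sample of what a self-checkout POS process might hold in RAM
# (public test card numbers, not real cards). The last record fails Luhn.
POS_HEADER = b"POSAPP v2.1 txn=000417 lane=07\x00\x00"
TRACKS = [
    b";4111111111111111=25121011234567890?",
    b";5500000000000004=26061011000000000?",
]
PLAINTEXT_POS_MEMORY = (
    POS_HEADER
    + TRACKS[0] + b"\x00some other heap data\x00"
    + TRACKS[1] + b"\x00"
    + b";1234567890123456=2512101000000?\x00"
)


def p2pe_pos_memory(key: bytes) -> bytes:
    """Same transactions, but each track was encrypted in the reader before
    reaching the POS process, so only ciphertext lands in memory."""
    body = b"\x00".join(
        reader_encrypt(t, key, b"txn" + i.to_bytes(1, "big")) for i, t in enumerate(TRACKS)
    )
    return POS_HEADER + body


def demo():
    # Assumption for the demo: the reader key is injected at manufacture and
    # never present on the POS host, which is what makes P2PE work.
    key = hashlib.sha256(b"demo-reader-key").digest()
    before = scrape_track2(PLAINTEXT_POS_MEMORY)
    after = scrape_track2(p2pe_pos_memory(key))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("scraper hits without P2PE:", before)
    print("scraper hits with P2PE:   ", after)
```

The same `TRACK2_RE` plus Luhn filter is what a responder runs over a suspect process's memory dump to confirm a scraper had something to steal; with P2PE in place the scan of POS memory comes back empty because the only place the plaintext exists is inside the reader.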
Sounds so much like the current scenario with Facebook and data analytics.
The solutions provided are good enough to be implemented in the majority of data breach cases.