Home Depot Struck by Same Malware that Rocked Target

By

Late last year, Target was struck by a devastating malware attack that released the personal information of millions of customers including names, addresses and credit card numbers. Now, it appears the same software was used in another attack launched against Home Depot last Tuesday.

Last year's attack on Target exploited security vulnerabilities on the company's point-of-sale (POS) systems, where the retail transactions take place. A malware strain known as “BlackPOS” was able to copy and transmit customer data as the transaction was taking place, and this same software was found within Home Depot's cash registers.

RedSeal Networks, a leading provider of end-to-end network visibility and cyberattack prevention analytics claims that this attack is part of a rising trend. “The similarity of the Home Depot breach to the Target breach is a useful object lesson in how security works nowadays,” said the company's CTO Dr. Mike Lloyd. “Similar to any criminal investigation, it's worth thinking about motive, means and opportunity.”

“Motive hasn't changed much – it's easy to see why some people would steal money, when it's easy enough. Means do change – automated tools are continuously being developed, and largely automated” continued Lloyd.

 This means that when an attack works once, it's likely to work again, and automation allows attackers to sit back and have computers hunt down any other victims who are vulnerable in the same way. And as for the opportunity, the problem there is that our defenses are generally weak. The fact that the same exploit worked at both Target and Home Depot is a reminder of the IT mono-culture, and the serious perils of under-investment in defensive security automation.

By increasing variety in the way POS systems work, businesses will not have to live in fear of BlackPOS attacks. Unfortunately, the current security systems climate is rather homogenous, which increases the effectiveness of repeat attacks like this one.




Edited by Maurice Nagle

TechZone360 Contributing Writer

SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More