Comments from Arbor Networks - Home Depot hack
September 2014 by Arbor Networks
Following the news of the Home Depot breach being confirmed, please see the comments below from Curt Wilson, Senior Research Analyst at Arbor Networks:
Over the last few months, we have seen that several Point of Sale (PoS) malware families continue to be a huge threat to the retail sector as threat actors reap the rewards of their attacks. Original PoS threat actor tactics have evolved over the years, yet older attack tactics still bear fruit. The first style of attack was opportunistic and used crude malware that required additional data exfiltration methods. Memory-scraping malware exfiltrating data via PoS botnets composed the ongoing second phase, and the modern era involves an increasing amount of targeted attacks that involve advanced tactics, techniques and procedures such as customized malware, multi-stage data exfiltration, lateral movement from partner organisations, increased attempts at obfuscation, and other methods taken from the playbook of targeted attack tactics. Dexter, Project Hook, Soraya and Backoff are all examples of the types of malware that combine these techniques to steal payment information, and as new threat actors appear, any business using a PoS system is vulnerable.
The flurry of recent Point of Sale compromises indicates that organisations can no longer be complacent and need to combat these threats through the deployment of robust security measures to include people, process, and technology. Restrictive remote access policies, careful use of anti-malware applications, system and networking hardening, adequate security staffing and the use of robust internal and external network monitoring are some of the elements that must be in place to allow organisations to protect and defend their critical assets, and detect these threat actors as they launch and maintain their compromise campaigns. Robust network monitoring also provides an opportunity for organisations to analyse unusual network traffic, and can mean the difference between a short-term compromise and one that lasts months or longer. Any compromise puts customer data and business reputation at risk, but long-running persistent compromises are especially painful and can put a huge dent in an organisation's ability to execute on its core mission, and may even threaten the integrity of the organisation's existence.
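The comments above argue that internal network monitoring is what turns a months-long PoS compromise into a short one, because the exfiltration and multi-stage staging they describe has to cross the network. The following is an added example of the kind of check a defender would run over flow records from a register segment; it is not Arbor Networks' or Curt Wilson's code. It assumes a PoS VLAN of 10.20.0.0/24, an allowlist of two legitimate destinations (a payment gateway and an internal update server, both invented here), an assumed per-destination volume baseline, and NetFlow-style records already parsed into dicts; every address and flow in it is constructed sample data.

```python
"""Flag unusual egress from a point-of-sale network segment.

Added example, not Arbor Networks' or Curt Wilson's code. The segment,
allowlist, business hours, volume baseline and all flows are assumptions
constructed for illustration.
"""
import ipaddress
from collections import defaultdict

POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")   # assumed register VLAN

# Assumed allowlist: the only destinations a register legitimately talks to.
ALLOWED_DESTINATIONS = (
    ipaddress.ip_network("203.0.113.0/24"),  # stands in for the payment gateway
    ipaddress.ip_network("10.10.5.10/32"),   # internal patch/update server
)
BUSINESS_HOURS = range(6, 23)        # 06:00-22:59 local; assumed store hours
MAX_BYTES_PER_DEST = 2_000_000       # assumed upload baseline per (register, destination)

# Constructed NetFlow-style records: src, dst, destination port, bytes sent, hour of day.
SAMPLE_FLOWS = [
    {"src": "10.20.0.15", "dst": "203.0.113.40", "dport": 443, "bytes": 12_000,    "hour": 14},  # normal authorisation
    {"src": "10.20.0.15", "dst": "10.10.5.10",   "dport": 443, "bytes": 450_000,   "hour": 3},   # patch pull, allowed but off-hours
    {"src": "10.20.0.22", "dst": "198.51.100.7", "dport": 443, "bytes": 1_800_000, "hour": 2},   # unknown host, off-hours
    {"src": "10.20.0.22", "dst": "198.51.100.7", "dport": 443, "bytes": 900_000,   "hour": 2},   # same pair, pushing volume up
    {"src": "10.30.0.5",  "dst": "198.51.100.7", "dport": 80,  "bytes": 50_000,    "hour": 2},   # not a register; ignored
]


def _allowed(ip):
    """True if the destination falls inside any allowlisted network."""
    return any(ip in net for net in ALLOWED_DESTINATIONS)


def flag_anomalous_egress(flows):
    """Return a list of (reason, src, dst) tuples for register traffic that
    deserves an analyst's attention.

    Three checks, each mapping to something the commentary describes:
      - unknown-destination: a register talking to infrastructure it has no
        business with (exfiltration host, or a staging point in a partner network)
      - off-hours-egress: data leaving when no transactions should be occurring
      - volume-outlier: a (register, destination) pair that has sent more than
        the baseline, the signature of a bulk upload of harvested card data
    """
    alerts = []
    volume = defaultdict(int)   # (src, dst) -> bytes seen in this batch

    for f in flows:
        src = ipaddress.ip_address(f["src"])
        dst = ipaddress.ip_address(f["dst"])
        if src not in POS_SEGMENT:
            continue                # only judge traffic originating from registers
        if dst in POS_SEGMENT:
            continue                # register-to-register chatter is out of scope here
        if not _allowed(dst):
            alerts.append(("unknown-destination", f["src"], f["dst"]))
        if f["hour"] not in BUSINESS_HOURS:
            alerts.append(("off-hours-egress", f["src"], f["dst"]))
        volume[(f["src"], f["dst"])] += f["bytes"]

    # Aggregate after the pass so each outlying pair is reported once.
    for (src, dst), total in volume.items():
        if total > MAX_BYTES_PER_DEST:
            alerts.append(("volume-outlier", src, dst))
    return alerts


if __name__ == "__main__":
    for reason, src, dst in flag_anomalous_egress(SAMPLE_FLOWS):
        print(f"{reason:20s} {src} -> {dst}")
```

Run over the constructed flows, the check is silent on the daytime authorisation, flags the 03:00 patch pull only as off-hours (a maintenance window an analyst can confirm and tune out), and raises all three signals on the register pushing 2.7 MB to an unlisted host at 02:00. The value is in the combination: a single unknown destination is a ticket, but unknown destination plus off-hours plus volume is the pattern that should cut a compromise from months to days.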