Will Home Depot top Target for most data stolen?


By Byron Acohido

Could Home Depot surpass Target and become the retailer known for losing the most customer records to hackers?

Target ultimately admitted to losing sensitive data for some 110 million customers. Home Depot, which made headlines this week for becoming the latest marquee retailer hit by hackers, could yet top that number. Consider these factors:

Duration of hack. The Home Depot breach became public only after cybersecurity blogger Brian Krebs disclosed that banks had traced large batches of stolen account numbers appearing for sale in the cyber underground back to the home improvement chain.

That suggests the hacking group had been pulling out data, undetected, for a long period of time, perhaps as early as April, observes Patrick Thomas, security consultant at Neohapsis, a security and risk management consulting company.

“Historically, when organizations learn of their own compromise by reports from unrelated third parties it means that the intrusion has been ongoing for months,” Thomas says.

Type of hack. Multiple sources are reporting that the Home Depot hackers used a variant of the Backoff malware used to crack into the point of sale registers and data storing servers at the P.F. Chang bistro chain. And Backoff itself is a variant of the POS malware used to infiltrate Target’s systems in late 2013.

The P.F. Chang and Target breaches have been attributed to a hacking group based in Russia, known for using distinctive technologies for scraping Random Access Memory drives and evading antivirus detection. This group has also been selling data stolen from large retailers labeled as “American Sanctions” and “European Sanctions,” says Itsik Hazan, marketing vice president at SentinelOne, a supplier of endpoint threat detection and response software.

“This seems to indicate that this was an act of retaliation against the U.S. and Europe for the economic sanctions placed on Russia in response to its actions in the Ukraine,” says Hazan. “If this is in fact a nation-state sponsored attack, it clearly raises the stakes for commercial organizations to urgently reform their security practices.”

Size of the retail chain. At the moment it is not clear how many Home Depot stores were affected. There are 2,200 Home Depot stores in the United States and 287 more in Canada, Guam, Mexico and Puerto Rico. Target has 1,795 stores in the United States and 130 in Canada. Krebs is reporting that the Home Depot breach “could be many times larger than Target,” which ultimately reported losing data files for 70 million customers and credit card records for 40 million customers.

“Home Depot feels like deja vu in the wake of Target’s massive breach,” says Eric Chiu, president at cloud security company HyTrust. “This should be another major wake up call to every company, especially given the connected world we live in. Concentrated data centers are gold mines for attackers.”

Security experts say there is not much individual consumers can do to stop sophisticated hacks designed to crack internal store systems.

“With the demands of technology ever growing and the ease of use for the customer becoming more and more important, the risk of hackers and malware to the storefront continues to rise,” says Adam Kujawa, director of intelligence at antimalware company Malwarebytes.


