Roughly a week after a massive batch of stolen and debit cards went on sale in the underground market pointing to a breach in large retail giant Home Depot, the company confirms that their payment systems have been compromised. This affected customers who have used their credit cards in any of the 2,264 stores in the United States or in Canada since April this year.
Early news of the breach concluded that the Home Depot breach actors are the same ones responsible for other massive breaches against large US retail chains.
“There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others,” security news researcher Brian Krebs said in his blog .
Further comparison of the large US retail chains involved in the recent series of breaches show that the Home Depot breach may just be the largest to be put on record. This quarter alone saw a slew of data breach and distributed denial of service (DDoS) attacks happen to big-name companies.
Last year, Target flagged 40 million cardholders affected by a massive breach known to date. This year, sources close to the Home Depot investigation estimates that attackers could have stolen roughly 60 million credit card numbers. The investigation is still ongoing as to the total number of affected customers.
In an early statement following news of the stolen credit data leak underground, Home Depot spokesperson Paula Drake said, ““Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
Now that the company has confirmed the breach, they are assuring that affected customers will not be held responsible for fraudulent charges. The company offers free identity protection services and credit monitoring to any customer who has shopped at its stores since April 2014.
BlackPOS Malware Strikes Again
Notably, the payment systems of Home Depot were found to have been installed with variants of BlackPOS, the same malware variant found in Target’s point-of-sale (PoS) systems. BlackPOS is by far, the most popular malware family attacking PoS systems and had been continually modified since its source code was leaked in 2012. We have recently found a new BlackPOS malware that specifically targets retail accounts.
The BlackPOS malware can disguise itself as a known AV software. It lists all running processes and then steals track data, which is usually found on the cards’ magnetic stripe or embedded chip and are used to carry out card transactions. It then saves the file and sends the information back to the attackers’ servers.
We previously reported that companies, especially industries using PoS systems, should watch out for the following ways by which this type of malware can possibly arrive in their systems:
Cybercriminalscan find a way to target specific servers, find a point of entry once inside, then move laterally to get into all connected payment systems.
They can also hack into network communications.
Finally, they can infect machines even before these are deployed in the stores.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).