UPDATED 13:09 EST / SEPTEMBER 09 2014

Fool me twice: Malware used in Target attack catches Home Depot off guard nearly a year later

The latest major cyberattack on a top U.S. retailer employed a variant of the malware that hackers used to break into the network of Target Corp. last December, according to influential security blogger Brian Krebs. The holiday season heist saw the assailants take off with sensitive personal information belonging to approximately 70 million customers of the Minneapolis-based discount chain, making the breach one of the biggest in recent years.

No official figures have been disclosed for the most recent incident, but outsiders say there are clear signs that it is similar in scope to the Target hack. Krebs wrote on his blog that the ZIP codes included in a massive trove of financial data recently put up for sale on underground cybercrime shop Rescator map out to Home Depot Inc.’s 2,000-plus locations with more than 99.4 percent accuracy. Rescator is the same website where the credit card numbers obtained in the Target attack first showed up.

The results have been corroborated with a number of other parties, he noted, including International Computer Science Institute (ICSI) researcher Nicholas Weaver. Krebs offered more details on the incident in a follow-up post published over the weekend, citing “sources close to the investigation” into the breach as saying that the attackers used a variant of the malware to bypass the home improvement chain’s defenses.

Like the original version, the malware employed a RAM scraper to lift credit card numbers from the memory of Windows point-of-sale systems before they could be encrypted. The underlying technology was around long before either attack, and Visa Inc. even issued warnings to major retailers that RAM scraping may be used against them in the months leading up to the Target breach. But those warnings evidently weren’t uniformly heeded.

Krebs wrote that “clues buried within this newer version” suggest it took several months for the hardware chain to pick up on the breach, speculation Home Depot CEO Frank Blake confirmed in a statement this morning. He revealed the hackers first gained access to company systems in April but he didn’t divulge any other specifics.

Target came under criticism at the time for not revealing enough information about the scope of the attack. It initially stated that 40 million customers were compromised, then raised the number to 110 million before finally settling on the 70 million figure. Home Depot, in contrast, is apparently trying to keep a tight lid on the investigation until the full picture emerges. But details of the breach are already starting to leak out. The New York Times cited an anonymous insider as saying that the number of credit card numbers stolen from the company could top 60 million.

photo credit: Will Montague via photopin cc
