UPDATED 13:09 EDT / SEPTEMBER 09 2014

Fool me twice: Malware used in Target attack catches Home Depot off guard nearly a year later

The latest major cyberattack on a top U.S. retailer employed a variant of the malware that hackers used to break into the network of Target Corp. last December, according to influential security blogger Brian Krebs. The holiday season heist saw the assailants take off with sensitive personal information belonging to approximately 70 million customers of the Minneapolis-based discount chain, making the breach one of the biggest in recent years.

No official figures have been disclosed for the most recent incident, but outsiders say there are clear signs that it is similar in scope to the Target hack. Krebs wrote on his blog that the ZIP codes included in a massive trove of financial data recently put up for sale on underground cybercrime shop Rescator map out to Home Depot Inc.’s 2,000-plus locations with more than 99.4 percent accuracy. Rescator is the same website where the credit card numbers obtained in the Target attack first showed up.

The results have been corroborated with a number of other parties, he noted, including International Computer Science Institute (ICSI) researcher Nicholas Weaver. Krebs offered more details on the incident in a follow-up post published over the weekend, citing “sources close to the investigation” into the breach as saying that the attackers used a variant of the malware to bypass the home improvement chain’s defenses.

Like the original version, the malware employed a RAM scraper to lift credit card numbers from the memory of Windows point-of-sale systems before they could be encrypted. The underlying technology was around long before either attack, and Visa Inc. even issued warnings to major retailers that RAM scraping may be used against them in the months leading up to the Target breach. But those warnings evidently weren’t uniformly heeded.

Krebs wrote that “clues buried within this newer version” suggest it took several months for the hardware chain to pick up on the breach, speculation Home Depot CEO Frank Blake confirmed in a statement this morning. He revealed the hackers first gained access to company systems in April but he didn’t divulge any other specifics.

Target came under criticism at the time for not revealing enough information about the scope of the attack. It initially stated that 40 million customers were compromised, then raised the number to 110 million before finally settling on the 70 million figure. Home Depot, in contrast, is apparently trying to keep a tight lid on the investigation until the full picture emerges. But details of the breach are already starting to leak out. The New York Times cited an anonymous insider as saying that the number of credit card numbers stolen from the company could top 60 million.
