Home Depot may have experienced a massive security breach, which affected an estimated 110 million people.

Home Depot on Wednesday said it was investigating the possibility, following security researcher Brian Krebs’ Tuesday alert. Multiple banks earlier on Tuesday had seen indications that Home Depot was the source of a huge new batch of stolen credit and debit cards that had gone on sale in the cybercrime underground.

“We’re looking into some unusual activity that might indicate a possible payment data breach and we’re working with our banking partners and law enforcement to investigate,” the company said in a statement posted online. The “unusual activity” referenced by Home Depot could be immense, as almost every location apparently was hit, according to updates from Krebs.

Retailers can expect further such attacks, because they are viewed as easy targets, Russ Spitler, VP of product management at AlienVault, told the E-Commerce Times. Most of the major retail chains have not made the investments in cybersecurity that are necessary to stop, or at least slow down, this generation of cyberthieves.

The scale at which the likely Home Depot breach occurred suggests that the cybercriminals accessed the point-of-sale machines from within the corporate network.

“This has been confirmed in the public information available about the Target breach and will likely be seen as more information becomes available about the Home Depot situation,” Spitler said.

Much more goes into an attack of this magnitude — a lesson that retailers must absorb, he cautioned. This is how Spitler imagines the crime:

• The cybercriminals launch a broad-based attack against a known vulnerability using a watering hole. Most likely this is done by a different group of hackers who specialize in compromising machines and distributing malware. “The most common technique is to compromise popular websites and install what is called an ‘exploit kit,’ which targets known vulnerabilities in the browsers and systems of the users browsing to the compromised website,” Spitler said.
• The hackers do a first-level analysis of the systems that are compromised to see what has been brought in by the net of the broad-based attack.
• Once a target has been identified from the catch, the hackers start working toward their objective, which is the POS terminal.
• This is done by performing reconnaissance on the network and identifying the access the machine has and the systems it can access.
• The hackers systematically close in by identifying the ways to access the POS terminals. “From that point, [they] target a known vulnerability in the system and install the memory-scraping malware that harvests the credit card information,” Spitler said.
• In the critical last step, the hackers move the harvested credit card information from the POS terminals to a location of their choosing.
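The last step in that chain, moving harvested card data off the POS terminals, is also the step a defender has the best chance of spotting, because a locked-down POS host should only ever talk to a handful of known destinations. The script below is an added detection example, not code from the article, from Spitler or from AlienVault: it reads constructed flow-log lines, flags any connection from the POS segment to a destination outside an allowlist, and raises a per-host alert when the flagged traffic volume looks like a bulk transfer rather than stray noise. The POS subnet, the allowed destinations, the byte threshold and the log format are all assumptions made for illustration.

```python
"""Flag outbound connections from POS hosts to non-allowlisted destinations.

Added example (not from the article or from AlienVault). The POS segment,
allowlist, threshold and flow-log format below are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List

# Constructed assumption: the subnet that holds the store's POS terminals.
POS_SEGMENT = ip_network("10.20.0.0/16")

# Constructed assumption: the only destinations a POS host should reach.
# 203.0.113.0/24 is documentation space standing in for a payment processor.
ALLOWED_DESTINATIONS = (
    ip_network("203.0.113.0/24"),  # payment processor (placeholder range)
    ip_network("10.1.5.0/24"),     # store controllers
    ip_network("10.1.9.10/32"),    # patch/update server
)

# Constructed threshold: total bytes to unknown destinations above which a
# host is reported as a likely bulk transfer rather than a one-off connection.
BULK_BYTES = 50_000


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    bytes_out: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line: '<ts> <src> <dst> <dport> <bytes>'."""
    ts, src, dst, dport, nbytes = line.split()
    return Flow(ts, src, dst, int(dport), int(nbytes))


def is_pos_host(ip: str) -> bool:
    return ip_address(ip) in POS_SEGMENT


def is_allowed_destination(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED_DESTINATIONS)


def find_suspicious_flows(lines: Iterable[str]) -> List[Flow]:
    """Return flows that leave the POS segment for a destination not on the allowlist."""
    suspicious = []
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        if is_pos_host(flow.src) and not is_allowed_destination(flow.dst):
            suspicious.append(flow)
    return suspicious


def bytes_by_host(flows: Iterable[Flow]) -> Dict[str, int]:
    """Sum the bytes each POS host sent to non-allowlisted destinations."""
    totals: Dict[str, int] = {}
    for flow in flows:
        totals[flow.src] = totals.get(flow.src, 0) + flow.bytes_out
    return totals


def bulk_transfer_hosts(flows: Iterable[Flow]) -> List[str]:
    """POS hosts whose unexplained outbound volume crosses BULK_BYTES, sorted."""
    totals = bytes_by_host(flows)
    return sorted(host for host, total in totals.items() if total >= BULK_BYTES)


# Constructed sample flow log. Two POS hosts talk only to allowed systems,
# one sends ~135 KB to an unknown external address, one makes a tiny
# unexpected FTP connection, and one non-POS host is included as a control.
SAMPLE_FLOWS = """\
2014-09-02T01:12:03Z 10.20.3.11 203.0.113.7 443 2100
2014-09-02T01:12:09Z 10.20.3.11 10.1.5.2 8443 900
2014-09-02T01:13:40Z 10.20.3.12 198.51.100.23 443 61440
2014-09-02T01:14:02Z 10.20.3.12 198.51.100.23 443 73728
2014-09-02T01:15:15Z 10.20.3.14 10.1.9.10 80 12000
2014-09-02T01:16:30Z 10.1.7.5 198.51.100.23 443 90000
2014-09-02T01:17:01Z 10.20.3.15 192.0.2.44 21 400
"""

if __name__ == "__main__":
    flagged = find_suspicious_flows(SAMPLE_FLOWS.splitlines())
    for flow in flagged:
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport} {flow.bytes_out} bytes")
    for host in bulk_transfer_hosts(flagged):
        print(f"ALERT bulk transfer from POS host {host}: {bytes_by_host(flagged)[host]} bytes")
```

The allowlist approach matters more than the threshold: the small FTP connection from 10.20.3.15 is still reported as a flow even though it never reaches the bulk alert, so an analyst reviewing the flagged list sees every departure from expected POS behaviour, while the byte total separates a likely exfiltration from a misconfigured client.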