Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Home Depot breach a near certainty, yet Backoff remains a question

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 5 Sep 2014 10:09:23 +0000 (UTC)
http://arstechnica.com/security/2014/09/home-depot-breach-a-near-certainty-yet-backoff-remains-a-question/

By Robert Lemos
Ars Technica
Sept 4, 2014
Home Depot has not yet confirmed that a slew of fraudulent transactions came from a breach of its systems, yet an increasing body of evidence is mounting that points to a massive compromise linked to the home-supply retail chain.
Financial institutions first detected the suspected breach when a wave of fraudulent transactions on cards had been used at Home Depot. On Wednesday, journalist and blogger Brian Krebs, who originally broke the story, analyzed the zip codes of a recent batch of stolen cards offered for sale on the underground and found a 99 percent match with the locations of Home Depot's stores.
Such a correlation is a "smoking gun," Lucas Zaichkowsky, enterprise defense architect at AccessData, a digital forensics and security services firm, said in an e-mail interview. Whether Home Depot has been breached is no longer a question, he said.
"The bigger question is why Home Depot didn’t detect the attackers as they maneuvered from their initial entry point past multiple layers of defense, performing internal reconnaissance and escalating privileges in the process," Zaichkowsky said. 

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: