![]() The majority of attacks are outside attacks. Attackers Attackers are the biggest threat to Home Depot’s POS terminals and networks. Card skimmers could be installed on Home Depot’s POS terminals. ![]() The data stored is the name of the card owner, the card number, and the expiration date (Hawkins, 2015). The devices still make purchases, however they read and record the cards data and store it for the thief who installed it. If these audits and scans had been carried out, they may have been able address some of the vulnerabilities and implement strategies that could have prevented or reduced the severity of this breach.Ĭard skimmers are devices made by criminals to be placed upon POS terminals look just like the normal devices we use to conduct our purchases. One important feature that was not enabled was their Network Threat Protection. Former employees of Home Depot’s IT personnel say that Home Depot was not adhering to either of these conditions. Along with this, they require that a third-party security team go through the network and perform an audit. The Payment Card Industry Security Standards Council requires that scans of the system be conducted every quarter. If there had been regular network monitoring and audits performed, they may have noticed the intrusion and not as many customer’s information would have been compromised. It took five months for Home Depot to realize an outsider was gaining access to customer’s information. The third party’s accessibility in this situation was a problem, as well as the lack of a strong log-in. After this increase in user-status (I’m pretty sure there is a better word for this, find it), they switched to the corporate environment, and installed a custom-built malware that affected numerous POS terminals. After the hackers got in the system using the third-party’s credentials, they took advantage of an issue with the version of windows OS that was being used to elevate their user-status within the system. Easy-to-guess passwords are a prevalent problem with any sort of software that is reliant upon log-ins. The hackers would not have been able to make their way onto Home Depot’s network if they had not gained access to a third-party vendor’s log-in credentials. All the software should be a modern version, and if the POS terminals were not capable of running it then the terminals should have been upgraded as well (might put this in the risk mitigation part). The current anti-virus software that was being used was Symantec’s Network Protection from 2007. Along with the outdated operating system, Home Depot’s anti-virus protection needed to be updated as well. This was not available on the operating system that they were using at the time however. One important feature that would have helped possibly prevented customer’s data from being seen by the threat agents would be the use of Point-to-Point (P2P) encryption. If the operating system had been updated on the POS terminals, then there would have been more security features available to use to mitigate the risk of the present vulnerabilities. The operating system on the POS terminals should have been Windows Embedded 8 Industry or Windows Embedded POS- Ready 7. The use of this operating system made their POS terminals more vulnerable to attacks. The POS terminals were running an out-of-date version of windows. This will focus on the protection of the customer’s data and the threats and risk associated with that data. They also got the email of 53 million customers. From this they were able to install custom RAM scraping malware that read customer’s cards, and from this the hackers gained the credit card numbers of 56 million customers. After gaining information about the system, they used a known issue with the OS to elevate their user status. ![]() The hackers carried out a passive attack after gaining access to the network with a third party vendors log in credentials. After months of not being detected, it was released to the public that 56 million credit card numbers were compromised. With some of these implementations they could reduce the risk of experiencing an event like this occurring again. ![]() Home Depot had many issues with the lack of security and updating of systems. From there the hackers infiltrated their network, and installed custom malware. In 2014 Home Depot was hacked using a third party vendor’s log in information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |