blog




  • Essay / Case Study: 2014 Home Depot Data Breach

    Table of ContentsSecurity IssuesOutdated SoftwareThird Party AccessLack of OversightRisk AnalysisThreat IdentificationCurrent Control MeasuresSystem VulnerabilitiesRisk Mitigation StrategiesConclusionReferencesIn 2014, Home Depot was hacked using login information from a third-party provider. From there, the hackers infiltrated their network and installed custom malware. Home Depot has experienced many issues related to lack of security and system updates. With some of these implementations, they could reduce the risk of an event like this happening again. After months of going undetected, it was made public that 56 million credit card numbers had been compromised. The hackers carried out a passive attack after accessing the network with the login credentials of a third-party provider. After obtaining information about the system, they used a known issue with the operating system to elevate their user status. From there, they were able to install custom RAM recovery malware that read customers' cards, and through this, the hackers obtained the credit card numbers of 56 million customers. They also received emails from 53 million customers. This will focus on protecting customer data and the threats and risks associated with that data. Say no to plagiarism. Get a tailor-made essay on “Why Violent Video Games Should Not Be Banned”?Get the original essaySecurity IssuesOutdated SoftwareThe POS terminals were running an outdated version of Windows. Using this operating system has made their POS terminals more vulnerable to attacks. The operating system of the POS terminals should have been Windows Embedded 8 Industry or Windows Embedded POS-Ready 7. If the operating system had been updated on the POS terminals, more security features would have been available to mitigate the risk of the current vulnerabilities. An important feature that would have helped prevent customer data from being seen by malicious agents would be the use of point-to-point (P2P) encryption. However, this was not available on the operating system they were using at the time. In addition to the outdated operating system, Home Depot's antivirus protection also needed to be updated. The antivirus software currently in use was Network Protection from Symantec, from 2007. All software had to be a modern version, and if the POS terminals were not capable of running it, they would also have had to be upgraded (this could be the case). in the risk mitigation section). Third-party access The hackers would not have been able to gain access to Home Depot's network if they did not have access to a third-party vendor's login information. Easy-to-guess passwords are a common problem with any type of software that relies on logins. Once the hackers entered the system using third party credentials, they took advantage of an issue with the Windows operating system version being used to elevate their user status within the system . After this user status increase (I'm pretty sure there is a better word for this, find it), they moved to the enterprise environment and installed custom malware that affected many endpoints point of sale. In this situation, third party accessibility was an issue, as well as the lack of a strong connection. Lack of oversight It took Home Depot five months torealize that a stranger had access to the customer's information. If regular network monitoring and audits had been conducted, they may have noticed the intrusion and less customer information would have been compromised. The Payment Card Industry Security Standards Council requires system scans to be performed quarterly. Along with this, they require a third-party security team to go through the network and perform an audit. Former employees of Home Depot's IT staff claim that Home Depot did not meet either of these conditions. One important feature that was not enabled was their protection against network threats. Had these audits and analyzes been conducted, they may have been able to address some vulnerabilities and implement strategies that could have prevented or reduced the severity of this breach. Risk Analysis Threat Identification A) Card Skimmers Card skimmers are devices made by criminals. to be placed on point-of-sale terminals resemble the normal devices we use to make purchases. The devices still make purchases, but they read and record card data and store it for the thief who installed them. The data stored is the name of the card owner, the card number and the expiration date (Hawkins, 2015). Card skimmers could be installed on Home Depot POS terminals. Attackers Attackers pose the greatest threat to Home Depot's point-of-sale terminals and networks. The majority of attacks are external attacks. Attackers carry out these attacks most of the time to obtain customer information. After getting this information, they turn around and sell it. In the case of this violation, it was an external attack. The hacker accessed a third-party vendor's account and carried out a passive attack to obtain information about the type of software used on the point-of-sale terminals. After that, the attacker installed malware that read customers' card data on approximately 7,500 Home Depot point-of-sale terminals. Attackers pose the biggest threat. B) Asset Value Home Depot's technology assets in this case include their point-of-sale terminals, networks, customer data, software, and network personnel. Customer data is of the highest priority. In the case of the Home Depot breach and many other breaches, customer data is the target of attackers. The security of this information should be the first concern. Tarnishing privacy can greatly affect that company's image among the public. If public opinion of a company declines, sales will follow. Point-of-sale terminals, networks, software, and network personnel all have moderate priority. All of these assets are essential to operating in the modern market. However, without customers, retail chains have nothing. Current Control Measures There was insufficient information available on the control measures that were in place at the time of this breach. Home Depot used Symantec antivirus from 2007 on its network. According to Symantec (2006), "this patent-pending technology detects camouflaged threats at all levels of the system, including the application, user mode, and kernel levels." The software also provided solutions to prevent threats from taking advantage of vulnerabilities in the version of Windows used at the time (Symantec, 2006). There was no information on whether Home Depotwas also using Norton Internet Security 2007, which would have provided additional network protection. Since the threat agents gained access using login credentials from a third-party vendor, Home Depot had accessibility controls in place. System Vulnerabilities As noted in the Security Issues section, Home Depot's systems had numerous issues. POS terminals run Windows XP Embedded SP3 as the operating system. This version of Windows is susceptible to attacks. Older versions of operating systems may not receive all security patches and updates received by current operating systems. The version of antivirus they were using was seven years old at the time. The software may have supported stores' current point-of-sale infrastructure, but it suffers from the same problems as older operating systems. The physical security of POS terminals can be compromised if there are open ports. It is recommended to disconnect or physically block all but one port for maintenance. Allowing suppliers to have access to the same network that Home Depot uses for its other operations is a major security risk and vulnerability. Limiting their accessibility and separating different parts of their network could help prevent a hacker from obtaining much information about their network or databases. It is possible for someone to install a card skimmer on a POS terminal if left near an unattended POS terminal long enough. Home Depot network staff said Home Depot does not conduct monthly audits or scans for network and system vulnerabilities. These measures must be in place. Without these measures, network staff do not know whether the measures currently in place are sufficient or not. Constantly improving the security of these systems costs the company money, but the savings from preventing a major breach, as in this case, are far less than the financial and image costs of the company. Their network staff also determined that on their Symantec Endpoint Protection, the Network Threat Protection option was not enabled. (This measure does that and would have prevented the situation from getting worse, blah blah blah). Risk Based on the generic risk context of the organization, retail is not as vulnerable an industry as some of the other areas on the spectrum. Retail is likely to be targeted because there is a lot of personal information circulating on their network. The customer's credit card information is valuable. Retailers, however, know they are at risk and need to take more precautions than other sectors. A combined risk assessment approach is the ideal assessment. The baseline would be upgrading the operating system, antivirus software, firewall, and physical port blocking on POS terminals. Customer data is typically the information most sought after by malicious agents. Therefore, the decision to protect this information as much as possible is good for Home Depot's public image and for the well-being of the customer's security. Since this is so important, even more security is needed in this area. There is a need for more encryption of customer information, as well as separation of customer information into different files. The risk of a card skimmer being installed on a POS terminal is rather low, but the cost of implementing a solution to the problem is also low. The best solution to this potential threat is to properly train and inform employees 26, 2019.