Home Depot is a big-box retailer in the USA. It suffered a security breach that affected 56 million payment cards.
The malware used in the attack has most likely been used in other attacks. Brian Krebs, who reported the attack, suggests that the BlackPOS malware used against Target was also used in this case. The attackers started by compromising a third-party supplier's workstation and managed to install the malware on the point-of-sale terminal. From that point, the collection of credit card entry data was automated and the data was sent to an offsite collection system. The malware was present between April and September 2014, though the incident was first reported on September 02, 2014.
Lessons learned: the Payment Card Industry (PCI) regime could improve the situation seen in this recent POS attack. Home Depot should look to the UPS Store example to learn how to report a breach. Online merchants need to resist fraudulent use of credit cards: Verified by Visa, MasterCard SecureCode, PayPal, Apple Pay. Finally, Home Depot customers must demand new account numbers. Why on earth aren't you using whitelisting on PCs attached to payment devices?
Malware researchers need to test their skills and develop defenses with real specimens. They can collect malware samples from honeypots or download them from URL sources. The following sites can be useful resources:
LaCie is a French manufacturer of hard drives. It was the victim of a security breach and sent notifications to customers about the incident. The FBI detected the breach on March 19, 2014 and forwarded the alert. Malware was used to gain access to customer transactions made between March 27, 2013 and March 10, 2014. Names, addresses, email addresses, payment card numbers and card expiration dates belonging to customers were accessed by the unauthorized party. LaCie urged everyone to change their password, believing that customers' usernames and passwords on LaCie's website could also have been accessed.
These sites can give you indications when analysing malicious files. If you are the target of an APT and care about the privacy of your organisation's information, do not upload the file; use its hash instead.
A dangerous cyber weapon infected many computers in Ukraine in 2014. It is spyware designed to steal sensitive secret information from high-potential networks. Experts believe that this rootkit went undetected for more than three years. Due to the complexity and estimated high cost of this malware, G Data, the German security company, believes a state sponsor is behind this attack, possibly linked to Russia, since the developers of this malicious program speak Russian.
Uroburos works autonomously and in peer-to-peer mode. The infected computers spy on documents and send them to a PC connected to the internet. It supports 32-bit and 64-bit Windows operating systems.