The massive data breach of payment card numbers and other customer details at Target last December raised serious doubts about the security of point-of-sale (POS) systems. The recent breach at the Home Depot has amplified those concerns, as more and more retailers own up to breaches involving POS compromises.
In the Home Depot’s case, the company hasn’t fully disclosed what data was lost or at how many of its more than 2,000 stores — leading to speculation about the size of the breach and whether the same type of malware that hit Target was involved. [UPDATE: Home Depot confirms 56 million payment card numbers were exposed.]
What can consumers and retailers do to stay safe?
The Home Depot dilemma
One of the most startling revelations about the Home Depot breach is that the company’s POS registers were supposedly protected by antivirus software, but to no avail.
How did the attackers get around the Home Depot’s antivirus protection?
Sophos Senior Security Advisor Chester Wisniewski tells Bankinfosecurity.com that determined attackers can craft their malware to evade detection by antivirus software.
“A smart attacker in a targeted environment will always bypass your antivirus,” Chet says.
That doesn’t mean there’s no defense against the type of malware that apparently hit Home Depot POS registers.
Chet explains that an antivirus and firewall can stop the vast majority of “opportunistic” attacks, but stopping targeted attacks (also known as APTs) requires additional layers of security.
Home Depot customers can do little apart from checking for fraudulent charges on their credit cards (fortunately, debit card PINs were not stolen in this attack).
As Chet says in a recent episode of the Sophos Security Chet Chat podcast, “As a Home Depot customer myself, I’ll be keeping a close eye on my credit card statements for a while, just to be sure that nobody has run off with my details.”
You can listen to the podcast embedded below — skip ahead to the [9’28”] mark to hear Chet and Naked Security expert Paul Ducklin’s discussion of the Home Depot breach.
Beyond the Home Depot Hype: How to stop credit card thieves and opportunistic malware
Watch Sophos security expert Chester Wisniewski, who recently appeared on ABC News, discuss the Home Depot breach in the webcast below.
Learn not only how to protect credit card transactions, but also how to detect and stop data theft.