Posted by:
admin
11 years, 4 months ago
From the Register.
As previously disclosed, the malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot's security partners
Oh, sounds sophisticated. What could they have done to protect against that?
Criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network. These stolen credentials alone did not provide direct access to the company's point-of-sale devices. The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the US and Canada.
Hmm, well actually that's not that sophisticated is it. This attack could easily have been stopped.
As Chris Wysopal of Veracode stated:
Enterprises should adopt 2 factor authentication for vendors who require access to their corporate networks and applications.
Indeed. There's no reason not to. Two-factor authentication is affordable, easy to implement and can be kept completely separate from your internal Active Directory infrastructure using standard authentication protocols like RADIUS. There's no enterprise-class remote access solution that doesn't support RADIUS (by definition). I doubt Home Depot is using Netgear boxes from Best Buy. Oh wait, some Netgear boxes do support two-factor authentication!
Share on Twitter Share on Facebook