Researcher Disputes Use of BlackPOS in Home Depot

Scmagazine.com reported during third week of September 2014 quoting a security researcher as claiming "contrary to reports of BlackPOS malware being used against American retailer Home Depot, it does not seem to be the part of the same malware family."

Scmagazine.com published news during third week of September 2014 quoting a blog post by Josh Grunzweig, Principal Security Consultant of search company "Nuix, the samples of malware differ too much."

Security Journalist Brian Krebs of blog post Krebsonsecurity.com reported during second week of September that customer card data of Home Depot was targeted by a new strain of BlackPOS which was apparently similar to saboteurs wielding malware used during last December.

Grunzweig identified BlackPOS as authored with a Windows sub-system but the believed variant was penned with a console option. Moreover, installation methods of malware samples were dissimilar together with techniques employed to conceal dumped card information and exfiltrate embezzled information. He added that BlackPOS also lists processes in a different way from the malware responsible for breaching of Home Depot.

Grunzweig broke down the malware and concluded that these were not coded by the same people.

The target was attacked with BlackPOS but Home Depot was attacked with a malware having different techniques to copy stolen data to another location on the network of the victim before sending it to the hackers.

Moreover, the malware used different techniques to identify card data after swiping of payment cards and also different executable was used to run the malware.

Grunzweig said that everything was different under the cover and these were not part of the same family of malware.

The Target breach which happened during holiday shopping season in last year exposed more than 40 million credit and debit card accounts. Home Depot reported that this week the attack on its payment systems affected all stores in Canada and U.S. which service millions of customers yearly.

Home Depot did not disclose the number of affected accounts of payment card. The data breach will cost the company $62 million and is expected to put 56 million of payment credit/debit cards information at risk.

» SPAMfighter News - 10/13/2014