We are learning more about the Home Depot breach and it is beginning to show a remarkable resemblance to the Target breach. The initial point of intrusion again appears to have been compromised credentials from a trusted third-party business partner.
Once the attackers were inside the network, they gained access to the main Home Depot network by taking advantage of a vulnerability on an unpatched Microsoft server. From there they escalated their permissions, moved throughout the network, and deployed point-of-sale malware on more than 7,500 self-checkout systems.
Although the initial intrusion into retail networks differs slightly, there is a common pattern emerging with regard to the lifecycle of the intrusions, as illustrated above. Retailers should ensure that they are properly segmenting their networks, controlling who has access to their networks, and making sure they have a vulnerability management program in place to monitor their internal network as well as the perimeter.