Hannaford Bros. Co. disclosed last week that an intruder stole 4.2 million credit and debit card numbers from the grocer’s system by planting malware on the servers at each of its stores in New England, New York and Florida. All information collected was transmitted to an overseas destination, according to Hannaford’s general counsel, Emily Dickinson.
Hannaford offered no explanation as to how the perpetrators might have gained access to each of the company’s servers to plant the malicious code on them. However, the discovery of the mass malware installation prompted a wholesale replacement of Hannaford’s store servers.
This type of problem can happen in the following ways:
- An attacker takes advantage of an undetected, remotely exploitable vulnerability in one of the company’s servers to gain a foothold on its network and then plants the malicious code on all of the store servers.
- The perpetrators are able to break into the servers because of overly permissive firewall rules or because the antivirus software fails.
- An employee installs the malware.
The first two are the more probable. I CAN’T STRESS ENOUGH THE IMPORTANCE of a secure network, maintained by way of system patches, updated antivirus software, and updated firewall firmware and rules.
Don’t let this happen to you. If you aren’t completely sure that your network is secure, please contact me by email at allan@resqbug.com or allan@pradenterprise.com, or phone me at (416) 464-1508. Together, let’s make your network as secure as possible.
Cheers.
Allan
RESQBug.com Technical Services and PRAD Enterprise
“Managing Your Technology for Improved Workplace Performance”
This article is for information purposes only. It is recommended that individuals consult with an IT professional before acting on any information contained in this article. The opinions stated are those of Allan Waddington and not a reflection of any company he currently works with or has in the past.




