Another one bites the dust

By

Mapping the tragedy of the Hannaford breach in a post-mortem sense should be just as important to the grocery chain as the upgrade of the system.


Case studies in security breaches are interesting as they do not just expose a potential threat to customers or clients, but also expose the many vulnerabilities in a business' infrastructure both technical and managerial.

Recently, and close to home here in Vermont, it was reported that Hannaford's chain of grocery stores had malware installed on hundreds of servers which affected many of its stores.

However, during a security audit, it was reported that Hannaford was certified as security compliant. My question is, were any recommendations made during the audit? Was an upgrade scheduled if recommendations were made? What decisions were made to keep or eradicate such vulnerabilities?

What existing tools were updated? They met industry security standards, so what exactly did they need to do, maybe nothing? Remember, security is a PEOPLE problem, not simply a system problem.

The fallout that is now seen, as reported, is two class action lawsuits: 4.2 million credit cards compromised, 1,800 fraud cases linked…and counting.

Reports have also indicated that the sequence of events were as follows:

Data breach: December 7, 2007 (post attack finding)

Hannaford discovered breach: February 27, 2008

Hannaford contained breach: March 10, 2008.

In the two week period between discovery and containment, what happened? And why so long to containment?

The complexity and magnitude of this attack smacks of insiders, outsiders, and traffic patterns that could indicate some kind of problem. Here comes the rest of the iceberg…It just seems that it was a long time from discovery to closure on this one.

Mapping the tragedy in a post-mortem sense should be just as important to Hannaford as the upgrade of the system. I trust this happens each and every time there is a security breach anywhere (she says hopefully).

Let's rewind to our first security course:


  1. Try to prevent disasters in a proactive manner, do not plan on managing the disaster reactively.

  2. Do NOT ignore IDS alarms, train your IDS properly, and understand what constitutes “normal” behaviour for the network.



Hey, somebody close that barn door already will ya?



Danielle Zeedick is a professor of information assurance and program director of the Bachelor of Science in Information Assurance at Norwich University in Vermont.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
anotherbitesdustonesecuritythe

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?