It has been reported this morning that Whole Foods has been hacked. The popular grocery chain, recently acquired by technology giant Amazon, suffered a data breach that saw hackers gain access to credit card data of customers who made purchases at some of its in-store taprooms and restaurants. IT security experts commented below.
Andrew Clarke, EMEA Director at One Identity:
“While we don’t know the details yet behind the Whole Foods case, we do know through experience that although organisations are taking steps to safeguard confidential data, it is usually accessed by the attacker gaining administrative privileges – sometimes this is default admin credentials on an internet-facing device and occasionally through data stored in the cloud. It can also start through an unpatched vulnerability being exploited to gain access to a specific system, where through lateral movement, the attacker can then gain access to more significant servers and on the way discover admin or privileged accounts that help them with the exploitation.
The end result is always the same – the attacker finds an open door, steps through and then gains increased access to systems until the goal is achieved and the data they desire is off-loaded for them to use. We do have security technologies available today that help to mitigate the risks. After scanning for vulnerabilities and ensuring that all systems are adequately patched; placing administrative passwords in a secure and trusted safe or electronic vault – referred to as privileged access management – the processes are then in place to mitigate the underlying risk that defend the domain from malicious attackers.”
Mark James, Security Specialist at ESET:
“Really!” I hear you say, “surely there is no data left to be hacked!?”
So much of our data seems to be leaking onto the internet that another load won’t make a lot of difference, right? Wrong.
Every single piece of our data that makes its way onto a criminal’s list, or into a database of our most precious, private data, is another attack vector for a malicious actor. Cancelling our credit cards is not hard; usually, if we have not been completely negligent, then getting the funds refunded is also not difficult, but trying not to get scammed, or be a victim of a phishing attack, is not so easy!
Even though Whole Foods (WF) may not in themselves ring bells, when the email arrives their association with Amazon may be the big draw here. It’s quite probable we will see phishing attacks using both brand names trying to get you to follow the link or download something to “verify” your details. As with all cases like this, be very vigilant about keeping an eye on your finances; small transactions might just be criminals testing the card to see if it works. If you find anything out of the ordinary then contact your bank immediately.”
Stephen Moore, Chief Security Strategist at Exabeam:
“As long as cyber criminals stand to gain from these attacks and the methods to detect and disrupt them don’t improve, they will continue to persist and succeed. To bolster their defences, businesses need a means to understand what normal user behaviour looks like, so there can be an early indication of compromise when unusual behaviours occur. This might include system access, beaconing, or file uploads. In many recent payment system attacks, customer credit and debit card information has been collected and removed, and this activity has remained undetected by the affected companies for some time.”
John Suit, CTO at Trivalent: