Popular US DIY store Home Depot recently disclosed a data breach, first reported by Brian Krebs here: http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/ The revelation came when banks started pointing to the store as a possible origin of stolen card data. Commenting on the breach, Russ Spitler, VP of product strategy for AlienVault, said the following:
"Hackers are certainly not worried about any potential changes in our credit card infrastructure. When a fox sees a hen he doesn't think of the eggs ...
"We are seeing a stark reality of the economic incentives the hackers are exploiting. Major retail chains are easy targets because they have not invested in cybersecurity. Banks are no longer easy targets, they have fortified themselves and even built protections for their consumers, but point of sale systems originally designed and built years ago are easy places to grab a foothold. Hackers are focusing on retailers because 'that is where the money is' - it is the easiest target with the greatest reward. These criminals are doing the cost analysis of the investment they need to make to breach a target and what they are going to get in return. We have just seen reports of incredibly sophisticated attacks against major wall street banks - customised malware and long campaigns - if that is what it takes to break into a bank, no wonder the bigger breaches are focusing on the less sophisticated targets with just as large an economic potential."