More details available as to how the breach occurred at Heartland resulting in potentialy the biggest breach ever of nearly 100m credit card transactions. Investigators discovered that a piece of malware was hillden in an unallocated portion of disk on one of the Heartland servers.
What puzzles me though is;
- How did a user have the rights to install the malware on the system? Was it an administrator that was duped into loading the malware?
- Why did the monitoring of the logs on the servers not detect any strange behaviour?
- Where was the pilfered data being sent to? If external to Heartlands network surely egress filtering or monitoring of outgoing traffic would have flagged the suspicious behaviour?
The CEO of Heartlands has also said that if other payment processors who had previously suffered breaches had shared their experiences then maybe Heartland would have been better prepared to prevent this type of attack. It will be interesting to see if he live up to his own statement and publishes details of this attack so others can learn from it.
Do take the time to read the article as it is a fascinating read into how the breach occurred.