Malicious data breaches – and what you need to know about them
Introduction
A data breach is a security violation in which an organization's, institution's or individual's confidential data is compromised by a deliberate act of malice on the part of an authorized or unauthorized person or group. The act almost always involves the misappropriation of sensitive, protected or confidential data, stolen for financial gain or to cause damage. Also commonly referred to as a data leak or data spill, a data breach can occur in a variety of ways. The results can be devastating to organizations, bringing financial ruin, loss of investor confidence and, occasionally, bankruptcy. In the case of governmental organizations, data breaches can compromise national security.
The what, when, and how of data breaches
Data breaches occur when an attacker exploits a vulnerability in a system, uses phishing, steals credentials, or acts as an insider threat. Based on the manner in which they occur, data breaches can be categorized into the following types (1):
- Credentials capture – attackers reading credentials that were inadvertently left behind in code repositories and source code, and using them to effect a data breach
- Exploitation of system vulnerabilities
- Interception and ‘eavesdropping’ of unencrypted network traffic
- Human error, in the form of ignorance, negligence or willful disregard for security protocols. It is estimated that almost 88% of all data breaches are caused by human error. Human error also extends to being ‘taken in’ by phishing or social engineering
- Hacking of network infrastructure
- A negligent or disgruntled employee who accidentally or purposely discloses data, for example by falling for phishing or social engineering
- Insider threats where employees or ex-employees steal data for financial or other reasons
- Physical attacks, such as stolen devices and credentials
Malicious-intent data breach
It can of course be argued that malicious intent is inherent in all the foregoing cases, since the purpose is to defraud or damage the victim. For the purpose of this article, however, data breaches caused by malicious intent are discussed separately, as they constitute special circumstances under which the breach occurs.
Malicious attacks vary in intensity and are driven largely by the purpose for which the attack is perpetrated; these characteristics are evident from the nature of the attack. A social engineering attack, for example, may impact only the user who is taken in by a fictitious offer, while malware can have a huge impact on the organization that is attacked.
A few commonly used malicious methods include:
Social Engineering:
Social engineering, most commonly encountered as phishing, can take the form of a message or an email promising benefits to the user and inviting them to click on a link. Verizon’s 2022 Data Breach Investigations Report says that ‘pretexting’ accounted for 27% of social engineering breaches, almost all of which were cases of Business Email Compromise (BEC). Forbes reports that in 2019 these reached their highest level since 2016.
Based on the nature of its target and the resulting scale of impact, social engineering is categorized as whale phishing, where the attacker tries to gain access to company data, and spear phishing, which is targeted at individuals. Phishing attack statistics tell the full story of the phenomenal increase in this form of malicious activity. Cybertalk.org (2) says that roughly 15 billion spam emails make their way across the internet every day, which means that spam filters are “working overtime” to keep out the threats. In 2021, 83% of organizations experienced phishing attacks. The response of users is worth noting, and worrying about: the report says that 30% of phishing emails are opened, and 42% of workers self-report having taken a dangerous action after opening them. The US Federal Bureau of Investigation says phishing attacks may increase by as much as 400% year-over-year.
Brute force:
Fortinet (3) defines brute force attacks as a hacking method that uses repeated trial-and-error authentication attempts to crack passwords, login credentials and encryption keys, in order to gain unauthorized access to individual accounts and to organizations’ systems and networks. Increasingly, brute force tools apply computing power to generate large numbers of candidate usernames and passwords automatically.
Brute force attacks are of the following types:
- Simple brute force attacks, where the attacker tries to guess the username and password at random
- Dictionary attacks, where the attacker uses a time-consuming process of taking candidate words from a word list and combining them with special characters in the hope of striking the right combination
- Hybrid brute force attacks, which combine brute force and dictionary attacks
- Reverse brute force attacks, where the attacker starts with a password that has come into their possession through a security breach and tries to find a matching username
- Password spraying, where the attacker uses a limited set of passwords and tries them against many accounts in the hope that some will match
- Credential stuffing, where the attacker has already obtained the username and password for one individual or organizational account and tries them against other accounts, in the hope that the same credentials are reused
Brute force attacks continue to rise. So far in 2022, the US has witnessed a 32% increase (4) in brute force attacks on Windows Servers with the entire world experiencing an equally alarming 16% increase over the previous year.
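The types above leave different traces in authentication logs, and that is how a defender tells them apart: a simple or dictionary attack piles many failures onto one account, while password spraying spreads a few attempts across many accounts. The script below is an added example, not code from the article or from any of the vendors it cites. It parses a constructed set of login events (the line format, thresholds and IP addresses are assumptions made for the example) and raises one alert per pattern found.

```python
"""Classify failed-login patterns from authentication logs (added example).

Brute force / dictionary style: many failed attempts against one account.
Password spraying: the same few attempts spread across many accounts.
The log format below is an assumption for this example, not a real product's.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real data): one account hammered from
# 203.0.113.5, five accounts each tried once from 198.51.100.7, and one
# ordinary user who mistypes a password and then logs in.
SAMPLE_LOG = """\
2022-09-01T10:00:01Z FAILED user=alice src=203.0.113.5
2022-09-01T10:00:02Z FAILED user=alice src=203.0.113.5
2022-09-01T10:00:03Z FAILED user=alice src=203.0.113.5
2022-09-01T10:00:04Z FAILED user=alice src=203.0.113.5
2022-09-01T10:00:05Z FAILED user=alice src=203.0.113.5
2022-09-01T10:00:06Z FAILED user=alice src=203.0.113.5
2022-09-01T10:05:00Z FAILED user=bob src=198.51.100.7
2022-09-01T10:05:01Z FAILED user=carol src=198.51.100.7
2022-09-01T10:05:02Z FAILED user=dave src=198.51.100.7
2022-09-01T10:05:03Z FAILED user=erin src=198.51.100.7
2022-09-01T10:05:04Z FAILED user=frank src=198.51.100.7
2022-09-01T10:07:00Z FAILED user=grace src=192.0.2.9
2022-09-01T10:07:05Z SUCCESS user=grace src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAILED|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def analyze(log_text, window=timedelta(minutes=15),
            per_account_threshold=5, spray_accounts_threshold=5):
    """Return a list of alert dicts for the events inside the trailing window.

    Thresholds are illustrative assumptions; tune them to the environment.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    if not events:
        return []
    latest = max(e["ts"] for e in events)
    recent = [e for e in events if latest - e["ts"] <= window]

    # src -> Counter(user -> number of failed attempts)
    failures = defaultdict(Counter)
    for e in recent:
        if e["result"] == "FAILED":
            failures[e["src"]][e["user"]] += 1

    alerts = []
    for src, per_user in failures.items():
        # Brute force / dictionary attack: failures concentrated on one account.
        for user, n in per_user.items():
            if n >= per_account_threshold:
                alerts.append({"kind": "brute_force", "src": src,
                               "user": user, "failures": n})
        # Password spraying: at most a couple of tries each, many accounts.
        if len(per_user) >= spray_accounts_threshold and max(per_user.values()) <= 2:
            alerts.append({"kind": "password_spray", "src": src,
                           "accounts": len(per_user)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Keying the counters on source address is what separates the two signatures; a per-account lockout alone would never fire on the spraying source, since no single account exceeds the threshold. Credential stuffing, which typically succeeds on the first try, needs a different signal (for example successful logins from many accounts on one new source), which this example does not attempt.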
Unpatched software:
Unpatched software is software that lacks the latest patches released by vendors and developers because of delays in applying them across users’ devices and the network. Unpatched software, and the resulting exploitation of system vulnerabilities by attackers, is an increasing cause of data breaches. ZDNet (5) says that one in three data breaches is caused by vulnerabilities exposed by unpatched software. The article goes on to report that patches are not always applied on time: just 1% of respondents reported ‘immediate’ application of patches, while 7% said patches were applied within a week. Patching remains a burden for SOCs, with vendors releasing patches monthly, which calls for continuous attention to keeping systems up to date.
Malware:
Malware, or malicious software, is software designed to take control of or disrupt its victim’s computer infrastructure, generally by posing as harmless files or links. Commonly encountered kinds of malware include ransomware, viruses, rootkits, trojans, spyware, keyloggers and bots. The number of identified malware types has grown enormously, and malware continues to increase, with automated bots the most prevalent kind in use. From 28 million types in 2010, the number of known malware samples reached an astronomical 678 million ten years later, in 2020. Statista (6) puts the number of malware attacks in 2022 at 5.4 billion cases globally, with as much as 71% of attacks aimed at organizations in the corporate sector.
Conclusion
CISOs, SOCs and Cybersecurity teams clearly have their hands full with the proliferation of malicious attacks in various forms. From firewalls to vulnerability assessments to timely application of patches to awareness and discipline on the part of employees, organizations are up against the wall to prevent and remediate data breaches. No one approach can provide the solution to cybersecurity issues, but perhaps a good way to start is to work persistently at reducing the possibility of human error.
Forbes (7) puts the issue in perspective by revisiting some core principles for organizations:
- Build security into products and business processes by default, not as an afterthought
- Plan not only for a security attack but for mitigation measures
- Know your system inside out, especially the vulnerabilities
- Keep your cybersecurity lean, fully functional and transparent
- Tools, automation, and people working together give the optimum results in terms of productivity and responsiveness
- Establish ownership so cybersecurity is a culture and a movement
Forbes sums up: this will ensure data breaches become improbable, not inevitable.
Aurora with its suite of security assessment solutions and professional services can serve as your complete cybersecurity partner for identification and remediation of data breaches.
For more information, email sales@aurorait.com or call +1 888 282 0696
References:
1. Proofpoint: What Is a Data Breach? – Definition, Types, Prevention | Proofpoint US
2. Cybertalk.org: Phishing attack statistics 2022 (cybertalk.org)
3. Fortinet: What is a Brute Force Attack? | Definition, Types & How It Works (fortinet.com)
4. Syspeace: 32 Percent Increase in Brute-Force Attacks in USA | Syspeace
5. ZDNet: Cybersecurity: One in three breaches are caused by unpatched vulnerabilities | ZDNET
6. Statista: Malware – statistics & facts | Statista
7. Forbes: Creating A World In Which Data Breaches Are Improbable, Not Inevitable (forbes.com)