Data Manipulation: The Next Level of Cyberattacks
Today, cyberattacks aim to steal information or hijack infrastructure. While these threats are damaging enough, nation states and bad actors are not resting on their laurels. Next up in their nasty bag of tricks is blowing a hole in data integrity via unauthorized data changes, planting false information, changing sensor reads, and other data modifications and entanglements sure to create chaos and even death. While any data validation tool, such as blockchain, will likely prove helpful, tools that can spot and stop these attacks will be doubly so.
Data Manipulation Evolution
Attacks on data integrity are not new. But the tactics and targets have changed over time, making such attacks harder to spot and even harder to stop.
“Unfortunately, attackers changing data is not new — attackers have taken advantage of web pages with cross-site scripting vulnerabilities to modify prices on e-commerce sites for years,” says Carolyn Crandall, chief deception officer at Attivo Networks. “However, when attackers successfully bypass perimeter defenses and modify data instead of just stealing it, the changes often go unnoticed until something goes wrong.”
Today, attackers are finding ever more ways to use data manipulation to change things to their liking.
“In 2016, voter fraud stepped into the limelight — it’s a prime example of this type of attack,” says Guy Rosefelt, director of product management for threat intelligence and web security at NSFOCUS. “Last year, a group of children as young as 11 years old demonstrated at DefCon how easy it would be to change posted election results, which is something that happened in a Ukrainian election by Russian hackers.”
Like other evolving and increasingly sophisticated cyberattacks, it’s hard to tackle newer forms of data manipulation early and head-on. These attacks are built from the ground up to thwart common protection tactics and to adapt in unexpected ways in order to continue to survive.
“The problem with the newer, more subtle and clever approaches to data modification is that the malware often manifests itself at a future time, rather than being immediately obvious in production and detectable by production-oriented security tools, the predominant focus of the security industry,” explains HotLink’s CEO and founder Lynn LeBlanc. HotLink works with MSPs on data backup reliability, resiliency and recoverability.
“At the same time, security vendors universally warn customers to keep their backup systems up to date as a last line of defense against the attacks that evade tools running in production. However, there’s an obvious flaw with this logic,” LeBlanc added. “If latent malware evaded the front-end protection environment, the very same malware was inherited by the data protection system. Thus, the backup/DR system has also been compromised.”
This approach could potentially enable attackers to time their…