A data breach is an incident wherein information is stolen or taken from
a system without the knowledge or authorization of the system’s owner. A small
company or a large organization may suffer a data breach. Stolen data may
involve sensitive, proprietary, or confidential information, such as credit
card numbers, customer data, trade secrets or matters of national security.
Damage created by such incidents often presents itself as loss to the
target company’s reputation due to a perceived ‘betrayal of trust’. The damage
may also involve financial losses for the company as well as for its
customers, should financial records be part of the information stolen.
Other frequently observed breach methods include the following:
· Insider leak: A trusted individual or person of authority with access
  privileges steals data.
· Payment card fraud: Payment card data is stolen using physical skimming
  devices.
· Loss or theft: Portable drives, laptops, office computers, files, and
  other physical properties are lost or stolen.
· Unintended disclosure: Through mistakes or negligence, sensitive data is
  exposed.
· Unknown: In a small number of cases, the actual breach method is unknown
  or undisclosed.
Phases of a data breach
Research
The attacker, having picked his target, looks for weaknesses to exploit:
the target’s employees, its systems, or its networks. This entails long hours
of research on the attacker’s part, and may involve stalking employees’ social
networking profiles to find what sort of infrastructure the company has.
Attack
Having scoped out a target’s weaknesses, the attacker makes initial
contact either through a network-based attack or a social attack.
In a network attack, the attacker uses the weaknesses in the target’s
infrastructure to get into its network. These weaknesses may include, but are
not limited to, SQL injection, vulnerability exploitation, and/or session
hijacking.
In a social attack, the attacker uses social engineering to infiltrate
the target’s network. This may involve a maliciously crafted email sent to an
employee, tailor-made to catch that specific employee’s attention. The mail
could be a phishing mail, where the reader is fooled into supplying personal
information to the sender, or one that comes with attached malware set to
execute once accessed.
Exfiltrate
Once inside the network, the attacker is free to extract the data he
needs from the company’s infrastructure. This data may be used for either
blackmail or black propaganda. The information attackers collect can also be
used to execute more damaging attacks on the infrastructure.