Are you at risk from data manipulation attacks?
By Tim Bandos
A common assumption about cyber attacks is that they’re all about theft. But that’s not always the case, as data manipulation attacks illustrate. In this type of attack, cyber criminals access the target system and make undetected changes to data in order to elicit some form of gain, without any outright theft taking place. Sometimes referred to as “the hack you might not notice”, these attacks have the potential to cause immense damage.
The anatomy of a data manipulation attack
Here are a couple of data manipulation attack scenarios:
1. Hackers have managed to breach the data systems of a major car manufacturer, and have altered the manufacturing process to create faults in the car’s steering or airbag deployment systems.
2. A hospital’s electronic patient records are accessed and altered, changing drug prescriptions for seriously ill patients.
Granted, these examples may be extreme, but they help illustrate the potential chaos that data manipulation attacks can create without having anything to do with theft.
Data manipulation attacks can also put serious question marks against organisational trust and confidence. For instance, if a business finds source code or new blueprints have been compromised, trust can be affected at all levels, from employees to partners and customers. This kind of attack can put entire supply chains at risk. Attackers who introduce a product or design flaw far down the chain can significantly disrupt production or even result in the need to initiate a product recall, severely impacting the reputation and bottom line of the business in question.
There are also highly embarrassing incidents such as the one experienced recently by the sports brand Asics. An attack on their IT systems resulted in adult content being played for nine hours on giant television screens in their store on New Zealand’s busiest shopping street, making headlines worldwide.
Identifying and preventing attacks
Clearly, prevention is better than cure. But in contrast to many instances of data breach, where it’s usually fairly straightforward to establish whether sensitive information has been exfiltrated, it can often be far more difficult to identify whether important data has been manipulated. Organisations should be continually mindful of tell-tale activity which can indicate a data manipulation hack, such as edits to files at suspicious times, anomalies in system logs, and alarms on threat signatures that detect malicious behaviour.
But on a strategic level, strong endpoint visibility is undoubtedly one of the most effective ways to prevent data manipulation attacks from succeeding. That’s because if an attacker successfully penetrates a network, they’ll typically move laterally through the environment in order to locate the data they’re looking for. In that situation, it’s imperative that the security team can track the activity and progress of the attack and move quickly to prevent or mitigate it before it’s too late.
Process is also important. The MITRE ATT&CK Framework, for example, has seen increasing levels of adoption across the security community for some time now, and can be employed as a valuable defence against data manipulation attacks. Created in 2013, the framework is a comprehensive knowledge base of all known tactics, techniques and procedures currently used by cyber criminals. Among a wide range of processes, it covers tactics, techniques and mitigations to help organisations deal with cyber attacks.
Organisations can also benefit from employing endpoint detection and response tools to improve insight into data movement and user behaviour. Similarly, file integrity monitoring solutions can play an important role in identifying and tracking real-time changes to things like folders, files, and other network settings. Effective strategies depend on IT teams developing robust internal controls so they can properly audit relevant information and ensure they constantly have visibility of potential risks to their environment.
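To make the file integrity monitoring idea concrete, here is an added example (not from the original article or any vendor product) that baselines a directory by SHA-256 and reports changed files, flagging edits stamped at suspicious times. The business-hours window, file names and record contents are constructed assumptions; the second file shows why the content hash, not the timestamp, has to be the deciding signal.

```python
import hashlib
import os
import tempfile
from datetime import datetime
from pathlib import Path

BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 local time is "normal"

def snapshot(root):
    """Map each file's relative path to (SHA-256 digest, mtime)."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            snap[path.relative_to(root).as_posix()] = (digest, path.stat().st_mtime)
    return snap

def compare(baseline, current):
    """Return sorted (kind, path, off_hours); removed files are never off_hours."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            kind = "added"
        elif new is None:
            kind = "removed"
        elif old[0] != new[0]:
            kind = "modified"
        else:
            continue  # same content; an mtime-only change is not reported
        hour = datetime.fromtimestamp(new[1]).hour if new else None
        findings.append((kind, name, hour is not None and hour not in BUSINESS_HOURS))
    return findings

def demo():
    """Constructed scenario: one edit stamped 03:00, one with its mtime reset."""
    with tempfile.TemporaryDirectory() as root:
        rx, cfg = Path(root, "prescriptions.csv"), Path(root, "dosing.cfg")
        rx.write_text("patient,drug,dose_mg\n1001,warfarin,5\n")
        cfg.write_text("max_dose_mg=10\n")
        noon = datetime(2024, 1, 15, 12, 0).timestamp()
        os.utime(cfg, (noon, noon))
        baseline = snapshot(root)
        rx.write_text("patient,drug,dose_mg\n1001,warfarin,50\n")
        night = datetime(2024, 1, 15, 3, 0).timestamp()
        os.utime(rx, (night, night))   # edit stamped outside business hours
        cfg.write_text("max_dose_mg=99\n")
        os.utime(cfg, (noon, noon))    # timestamp put back to hide the edit
        return compare(baseline, snapshot(root))
```

Calling `demo()` reports both files as modified even though only one carries an off-hours timestamp. In practice the baseline itself needs to be stored where an intruder on the monitored host cannot rewrite it.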
Depending on the nature of the attack, data manipulation is not only harder to detect, but has the potential to have even more devastating consequences than other types of security breach. Thankfully, we’ve yet to see an attack succeed on a global scale, but the number of incidents being recorded is growing steadily. Consequently, organisations must be prepared with properly implemented tools and techniques and take a proactive stance against the risk of falling victim to a data manipulation attack.