A data breach is unauthorized access to data in a system without the owner’s awareness. In other words, a data breach is a disclosure of secure information, or a data leak, whether intentional or unintentional.
Data breaches may involve financial information such as bank details, personal health information (PHI), plastic cards, intangible property, personally identifiable information (PII) such as social security numbers, or the trade secrets of corporations.
The following are some techniques hackers use to cause data breaches.
1 Phishing
Phishing is the attempt to acquire sensitive data such as names, passwords, and credit and debit card details, or money, often for malicious reasons, by masquerading as a trustworthy entity in electronic communication.
There are different phishing techniques for obtaining personal information from users. As technology advances, the phishing techniques in use are becoming more advanced as well.
The following are some of the phishing techniques in use.
- Email / Spam: Hackers use email phishing and may send the same email to millions of users, asking them to fill in their personal details. The hackers then use this information for their illegal and malicious activities. Most of the messages carry an urgent note to grab the user’s attention, requiring the user to enter his/her credentials to update account information, change personal details, or verify current account details. Sometimes users are asked to fill out an information form to access a different service through a link included in the email.
- Web-Based Delivery: This is one of the most sophisticated phishing techniques, also known as a man-in-the-middle attack. The hacker sits between the phishing system and the original website and traces details during a transaction between the legitimate website and the user. As the user continues to pass information, the hacker sniffs it while the user remains completely unaware.
- Instant Messaging: In this technique, a user receives a message with a link leading to a fake phishing website that pretends to be the legitimate website. If the user does not look carefully at the URL/address, it can be hard to tell the duplicate from the actual website. The user is then expected to enter personal information on the page and unknowingly provides all the details, which are delivered directly to the hacker.
- Link Manipulation: In this technique, the hacker presents a link to a website by some means. When a visitor clicks on the deceptive link, it opens the hacker’s website instead of the site shown in the link. One way to guard against this sort of link manipulation is to hover the mouse over the link; the tooltip will display the actual address before you click it.
- Key Loggers: This phishing technique focuses on the keys the user presses on the keyboard. The hacker records these key presses to identify login details or any private information entered by the user.
- Session Hacking: The hacker exploits or manipulates the server’s session management mechanism.
- System Reconfiguration: The phisher sends a message asking the user to set default settings or rebuild the system so that it can be manipulated.
- Content Injection: The hacker changes part of the content on a web page to mislead the user.
- Phone Phishing: The phisher calls the user to gather details from him/her, or to have the user dial in some confidential details.
2 Buffer Overflow
Buffer overflows are a favorite exploitation technique of hackers. In computer security and programming terminology, a buffer overflow is an anomaly where a program exceeds the buffer boundary while writing data into the buffer and overwrites the adjacent memory locations.
Buffer overflows can be set off by inputs that are designed to execute code or to modify the way the program operates, which results in erratic program behavior including memory access errors, incorrect results, or a crash.
Buffer overflows fall into two main categories: stack-based and heap-based. A real stack-based attack would try to place the address of the top of the stack in place of the return address, followed by some scary lines of assembly code, such as a call to another tool. If the program runs with high privileges, the tool executes at the same privilege level. Even better for the attacker, the entire procedure requires transmitting only a tiny script program.
Programs also use dynamically allocated memory (the heap), much as they use the stack. A vulnerable program uses a call to something like ‘strcpy’ (a function that copies input) to copy into a buffer allocated on the heap. Input larger than the buffer will overwrite data on the heap. The program will not always crash, but it will not behave as expected and advertised. A hacker observing this behavior then tries various inputs until they find a way to corrupt the stack/heap. Once the stack is corrupted, the attacker can get arbitrary code snippets executed.
3 Stealing Password
Stealing passwords, also known as password cracking, is the process of recovering password data that is stored in or transmitted by a computer system. The aim of password cracking is to obtain unauthorized access to the user’s system and ultimately gather data from it. The following are the attacks hackers use most often to obtain passwords.
- Brute Force Attack: A hacker employs a computer program or script to attempt to log in with probable password combinations, beginning with easy-to-remember passwords.
- Dictionary Attack: This attack breaks a cipher or verification mechanism by trying to find its decryption/private key or passphrase through hundreds, thousands, or sometimes millions of possibilities, such as words in a dictionary. A hacker uses a program or script to try logging in by looping through combinations of common words. In contrast to a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possible keys that have a higher chance of success, typically derived from a list of words, for example, a dictionary.
- Key Logger Attack: An attacker or hacker uses a program to track all of a user’s keystrokes. Therefore, at the end of the day, everything the user has typed, including their credentials (login IDs and passwords), has been recorded. A keylogger attack differs from a brute force or dictionary attack in many ways. For one, the key logging program is a kind of malware or a full-blown virus that must first be installed on the user’s device; often the user is tricked into downloading it by clicking on a link in an email. Keylogger attacks are also different because strong passwords do not provide enough security against them, which is one reason that multi-factor authentication (MFA) is becoming a must-have for all businesses and organizations.
4 SQL Injection
SQL injection is a code injection method used to attack data-driven applications, in which malicious SQL statements are submitted into an entry field to be executed and return results. Such attacks exploit security weaknesses and vulnerabilities in the application or system.
SQL injection allows attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, violate the rules, obtain complete disclosure of all data on the system, destroy the data or make it unavailable or misplaced, and become administrators of the database server. Attackers also take advantage of the REST request mechanisms of web services to gather or manipulate their data.
5 Trojan Horse
The Trojan horse is one of the most serious threats to any computer security system. Trojans are executable programs, so when you open the file, it will perform or execute some action. A Trojan horse is so named because it fools or tricks you in some way into executing it in the first place.
Trojans can be spread in the guise of literally anything people find desirable, for example, a free game, movie, or song. Victims generally download the Trojan from a World Wide Web or File Transfer Protocol archive, receive it through peer-to-peer sharing via IRC, instant messaging, Kazaa, etc., or simply open an email attachment without care, which downloads the Trojan into the system. Trojans usually do their damage silently in the background. Often the first time a user learns that his/her system is infected is when the owner of another system tells him/her about being infected by it.
Below are some ways in which a Trojan infection can happen.
- Look Identical: In Windows OS, executable programs have file extensions such as .bat, .exe, etc. Some actual Trojan file names include: dmsetup.exe
- Documents can be programs too…!: Many document types have some kind of macro support, that is, the ability to place a program inside the document itself, which will be executed when the document is opened. It is surprising how many programs have this kind of capability: all Microsoft Office programs, Adobe Acrobat Reader, and many others can execute a program from within a document.
- A format is not meant to be executable: There has been growth in the number of attacks that target weaknesses in the way particular programs handle a file. Even file types such as audio, image, and video files are being used to spread infections, without a macro language or other built-in method for including program code in the file.
6 Wireless attack
Wireless attacks are a very common security threat where network security is concerned. This is because this kind of attack can easily capture a lot of the information being sent across the network and use it to commit malicious deeds or crimes in other networks. Every wireless network is vulnerable to these kinds of attacks, and it is very important that all required security precautions are taken to prevent them. Wireless attacks are normally carried out to target information being shared through the networks.
Wireless attacks can be divided into different categories, some of which are listed below:
- Rogue access point
- Wireless signal jamming attack
- Pre-shared key guessing
- Frame Injection attack
- Denial of sleep
- Desynchronization attack
- Flooding attack
- Replay attack
- Selective forwarding attack
- Unauthorized routing update attack
- Wormhole attack
- Sinkhole attack
- Traffic analysis attack
7 Malicious software attack
Malicious software (malware) is software that gives partial to total command and control of your computer system to the malware creator, to do whatever he or she wants. Malware can be a virus, worm, Trojan, adware, spyware, rootkit, or something similar. The damage done by malware can vary from something as slight as changing the author’s name on a document to full command and control of your machine without your being able to find out the issue.
Most malware requires the user of the system to initiate its operation. Typical attack vectors include documents or files attached to mail, visiting a malicious website that installs software after the user clicks OK or AGREE on a pop-up, and vulnerabilities in the OS or programs. Malware is not limited to one operating system.
Once malware makes its way into a computer system, it begins to damage the system’s boot sector, data files, installed software, and even the system BIOS. This further corrupts your files, and your system might shut down as well. These kinds of malicious programs are specially designed to spread and do damage in a system.
Writing malware is not a hard task, and thousands of malware programs crawl through almost every computer system. There are many ways through which malware can enter your system. Some of them are as follows:
- Social networks: When you are surfing the internet, be alert about third-party software and applications promoted for download. Even when you use social networking sites, be careful about giving third-party applications approval to use your profile or other information.
- Pirated software: Malicious code also spreads through pirated software. In most cases, the software seems authentic when you try to download it, but it may harm your system.
- E-mails: Malware spreads through email attachments, so it is always better to scan them prior to downloading.
- Removable media: USB drives are another common way by which malware attacks and spreads in a system. Systems in any computer lab might be infected with malware, and when you transfer files from an infected system to your system with a USB drive, the infection enters your system as well.
- Websites: Many sites are already infected with different malware, which enters your computer when you visit them.
8 Fault Injection
9 Denial of Services
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
10 Exploiting Defaults
Nothing makes attacking a target network easier than when that target is using the default settings or credentials set by the manufacturer. Many attack tools and exploit codes assume that the target is configured with the default settings. So, one of the most effective and often overlooked security precautions is simply to change the defaults.
Hackers at present are using the above techniques widely, which can cause severe damage to a company’s sensitive data and other assets. Growing hacking activity creates a dilemma for individuals and organizations. Organizations are putting less effort into securing their servers and networks compared to the spike in cyber-attack techniques. Apart from other steps, one of the most useful ways to avoid such cyber-attacks is to patch software regularly and train employees at every level of the organization.