2020/02/04 IT & Cyber-Security Solutions
Unlike attacks that try to steal data or those that hold it hostage with ransomware, data manipulation attacks can be hard to detect. Cyber criminals don’t always steal data. Sometimes the goal is to manipulate the data to intentionally trigger external events that can be capitalized on. Conventional wisdom says that once an attacker is in the system, moving laterally from network to network, the damage is already done. The hacker has found a way in and more than likely identified the data they’re after. They simply need to exfiltrate it, the last step of the kill chain, to land the final blow.
In some scenarios, however, it’s what the attacker doesn’t do that could have a more devastating outcome for the enterprise or business. Data manipulation attacks, where an adversary does not take the data but instead makes subtle, stealthy tweaks to it for some type of gain, can be just as crippling for organizations as theft.
The ability of attackers to manipulate and shift data around is a real threat, one that could cause widespread financial and even physical harm if done successfully.
To understand it better, consider a theoretical example from the stock market. If an attacker were to successfully breach the IT systems and databases responsible for updating a stock ticker symbol and manipulate data to show a billion-dollar tech giant like Apple, Google or Amazon taking a nose dive, it would cause immediate chaos and panic would ensue. As a result, people would start selling their shares in a rush, which would produce losses for these companies and their shareholders.
Data manipulation attacks don’t always have to result in a tangible financial gain. If an attacker managed to carry out a similar attack against health record information for patients in hospitals and altered critical data like drug dosages and prescriptions that need to be administered, it could result in sickness or even death.
A successful data manipulation attack can cause significant damage to any business, organization, or government department. After all, it will not only affect the bottom line, but also the company’s standing. In addition, a company’s consumer trust is broken after an attack. The purpose of these attacks is to disrupt three aspects of an organization: financial, reputational, and legal.
To combat these types of attacks, organizations need to ensure they have a powerful endpoint security solution on their IT systems so that if an outsider successfully penetrates a network, they’ll need to move laterally through the environment to find the data they’re after. It’s critical for incident responders or threat hunters to be able to follow in their proverbial forensic footsteps, to proactively hunt and detect this type of activity before something irreversible is done.
Cisco AMP for Endpoints effectively gives you full visibility over your network, analyzes malicious activities, and delivers proactive protection capabilities that close attack pathways and eliminate vulnerabilities. For more information on Cisco AMP for Endpoints and how it can help your business, contact Ctelecoms experts today. We're among the top IT cyber security solution providers in Saudi Arabia (Jeddah, Riyadh and western KSA).