Hacker mindset: why exfiltrate or hijack data to inflict damage when manipulating the data can cause even more severe harm?
Every day, we hear about the new “innovative” ways that hackers use to infiltrate devices to inject ransomware or steal invaluable data. But have you heard of data that is not stolen or hijacked, but manipulated instead?
Last year, a group of security researchers in Israel revealed that they managed to trick doctors into misdiagnosing patients by hacking into and tweaking the scans produced by a hospital’s X-ray machine. This type of data manipulation can cause misdiagnosis and mislead patients of their true health conditions.
However, the ramifications could be even greater in a different context. In the current pandemic climate, as all of us band together to fight the spread of Covid-19, threat actors are employing data manipulation techniques that could wreak havoc on a much wider scale. As such, it becomes even more pertinent for us to understand these techniques to combat it effectively.
Motivation behind data manipulation
Confidentiality, integrity and availability—the “CIA Triad”—are well-known principles that form the foundation of an organization’s security infrastructure. Through data manipulation, hackers are now able to launch attacks that call into question the integrity of data.
In the now well-known context of general elections, data manipulation (in concert with social engineering) can undermine or weaken the institutions of democracy and subvert the intentions of the electorate. They would not only able to alter the political course of an entire nation but also impact regional and global political relations.
In the area of e-commerce, hackers can also disrupt business transactions during retail events like Black Friday or 11.11 sales. By showing more traffic in a possibly dormant part of the site during these shopping events, hackers would cause the site algorithms to divert more resources to that segment of the website. This would inadvertently lead to potential financial losses for both the e-commerce platforms and vendors.
These data manipulation attacks can be further simplified through the use of bots, making it even easier for hackers to launch such attacks. For instance, there have been past instances of hackers using metadata to create “disinformation” bots that are highly adept at impersonating human behavior and creating disinformation campaigns on social platforms.
With a myriad of bots at their disposal, hackers can easily tweak a “disinformation” bot to insert it in any system and puppeteer the data to their advantage.
These are just some of the ways that data manipulation attacks can be launched against individuals, organizations and even nations. However, such attack vectors are not the sole motivation for data manipulation. In fact, human error—unintentional in nature—would be one of the leading causes for this. Other causes include unintended transfer of data, or even compromised hardware, that could corrupt the data.
Countering data manipulation attacks
It is imperative for organizations to understand that the integrity of data needs to be protected and uncompromised while in use, when being transferred between individuals, or when being stored on devices or in the cloud. Beyond this, it is also critical to understand how the data is being generated and to assess the integrity of the data source.
Organizations should have a clear system to classify and record data. This record would come in handy to IT teams as they strategize and implement counter measures and define access rights for the various data sets.
The countermeasures that organizations can implement to achieve end-to-end protection throughout the data journey include not only data encryption, but also audits. Data audits help profile an organization’s data and assess its impact on performance and profits to determine the level of security measures that should be put in place. Organizations should also introduce intrusion detection systems to pinpoint external threats that are targeting their data.
From a user access point of view, it is crucial for organizations to introduce strong authentication mechanisms and access controls to ensure that only authorized users have access to. It is also important to apply version control across the entire system for greater visibility on who is making what changes to the data. Digital signatures in emails can also go a long way in ensuring data integrity by guaranteeing that there is no deniability on the part of a sender or recipient when it comes to the transmission of the data set.
As the world becomes increasingly connected with the advent of 5G networks and proliferation of IoT devices, data generation will grow by leaps and bounds. What this means is that the impact of a data manipulation attack can have serious repercussions on digital transformation or smart city initiatives. As such, it is paramount for organizations to prepare against this new strain of attacks while it is still in the nascent stages of deployment.