Among the more frustrating aspects of cyber security is the constantly evolving nature of the threat and the multitude of data breach attack techniques. One vulnerability is patched only for another to be found/created; one technique is foiled only for a different tactic to arise. Here we give a brief discussion of motivations and offer a list of the ten most common cyber attack/data breach techniques. Hat tip to the incomparable website Hackmaggedon.com which has been tabulating and compiling cyber attack reports for several years.
There were over 850 data breach attacks in 2017, many of which led to theft of customer personal and financial information. Not only is the number of breaches on the rise, but costs are rising, too. The New York Times reported that, through March 2017, Target spent more than $202 million on settlements, legal fees, and other costs following the November 2013 breach. Anthem Inc, the largest U.S. health insurance company, recently agreed to pay $115 million to settle hundreds of lawsuits stemming from a 2015 hack of customer information.
Cyber Attack Motivations
At a broad level, one can identify several motivations for cyber attacks. The owners and operators of Hackmageddon.com offer these four:
- Cyber crime
- Cyber espionage
- Hacktivism
- Cyber warfare
Nearly three-fourths of cyber attacks are criminal in nature, an attempt to directly steal money from financial accounts, steal credit card numbers, demand a ransom, or something similar. The hack on Target stores in 2014 is a typical example. Cybercrime is, by far, the largest concern for businesses and certainly the focus of regulators.
Close behind is cyber-espionage. These attacks, of course, are efforts to gain access to trade secrets and other confidential business information. A widely reported example from March 2017 was the theft from Dun & Bradstreet of a 52GB database containing data on 33.7 million people in the highest-profile industry and government jobs. Dun & Bradstreet is reported to have paid a substantial sum for the database, which was used for targeted email promotions; it was a substantial loss to Dun & Bradstreet to have the database in the hands of its competitors. Where motivation can be determined, in any given year, these types of attacks are 10-15% of the total.
Hacktivism is often in the news, but is generally ignored and/or overlooked by businesses since the purpose of hacktivism is social or political, not financial. As an example, in February of 2017, an anonymous hacking group targeted and shut down various dark web sites that were purportedly hosting child pornography. As with cyber-espionage, the total number of attacks is low. These types of attacks are 10-15% of the total, ebbing and flowing in various countries with various election cycles.
Cyber warfare is defined as either government-sponsored attacks or cyber attacks that are intended simply to cause chaos: essentially, a generalized war on the internet and the flow of information. These are, year to year, the least frequent types of attacks.
10 Common Data Breach Attack Techniques
As noted, attack techniques are constantly evolving. A list of the most common techniques from 10 years ago would look very different from the list for the last couple of years. This evolution is not only code driven, but device driven. Android mobile devices have become significant targets of cyber crime and, thus, the number of techniques used for breaching mobile devices has multiplied.
Here are the top 10 attack techniques for the last couple of years:
- Malware/point of sale: Probably a third of all attacks target point of sale terminals with the intent to obtain credit card and debit card information; Home Depot and Target suffered such attacks.
- Ransomware: This form of attack saw significant increases in 2017 (example: WannaCry). The malware generally threatens either to publish secret or embarrassing data or to perpetually lock the victim out of his or her own computer systems unless a ransom is paid; another variant is to demand a ransom to hide the existence of the data breach itself — example Uber.
- Account hijackings: Individual, business, and now more common “cloud account hijackings” — email, computer, system accounts are hijacked to allow theft of personal and financial information; can be the basis for transferring money directly from financial accounts, using credit and debit cards or ransom demands.
- Structured query language (“SQL”) code injection: Database sites and applications are particularly vulnerable to SQLi attacks since they are designed to allow searchability and interaction from the internet; if user input is not properly handled, hackers can alter the SQL statement that the web application sends to the database server; this can, for example, allow access to the server without the need for a passcode, which then can give the hacker access to linked/non-segregated systems/networks, etc.; this can allow uploading of malware, hijacking of accounts, and the like.
- Denial-of-service: Singular or distributed — the main type of attack used in cyber warfare and, often, hacktivism; hackers send a flood of traffic to the victim’s system or website from hundreds, thousands, or potentially hundreds of thousands of sources; the intent is to overload the victim’s traffic and bandwidth causing the system to shut down and the site to go offline; often accompanied by efforts to sneak in trojans and other malware under cover of the mass of traffic.
- Domain name server (“DNS”) hijacking: Hackers infect the system so that internet queries are redirected to a domain name server controlled by the hackers; this is a version of domain name theft; the intent is to steal web traffic or financial information via false “enter payment information” pages or to trick web users into downloading malware.
- Malicious cross-frame/JavaScript: Similar to DNS hijacking; malware loads a legitimate-looking page on the victim’s computer/device to steal data that the user inputs or to send the user to a website/page that the hacker controls.
- Zero-day vulnerability: A new dispersal technique; malware is often mass dispersed across the web; however, zero-day dispersal is new; malware that targets a program or system vulnerability is released but activation is “held back” until the vulnerability is discovered (the so-called “zero day”); the malware is programmed to immediately complete its task — theft, breach, download of malicious code — on the “zero day”; because the malware does not activate immediately, it may gain wide circulation before the zero day.
- Brute force: No deception, just a blunt-force automated trial-and-error method used to locate passwords or data encryption standard keys; if, for example, the password is five characters long, the program literally tries every single combination of numbers and letters until the password is uncovered.
- Credential stuffing: A version of brute-force hacking — repeated automated efforts to gain access to accounts by using partial login information. This is considered an exceptionally serious attack technique. A large volume of data breaches have partially compromised customer information for hundreds of millions of individuals.
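The SQL injection item above says that unhandled input lets an attacker alter the statement the application sends to the database. The following is an added example (not code from the original article or from Revision Legal) showing a hypothetical login check written two ways: the vulnerable form that pastes input into the query text, and the hardened form that uses parameterized queries so the database never interprets input as SQL. The table, user names and passwords are constructed for the demonstration; a real system would store password hashes rather than plaintext.

```python
import sqlite3


def build_db():
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Hypothetical vulnerable login: user input is spliced into the SQL text.

    Quote characters and comment markers inside `username` or `password`
    become part of the statement, which is the defect the article describes.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Hardened login: placeholders carry the values separately from the SQL.

    The statement text is fixed; whatever the user typed is compared as data,
    so a quote or comment marker in the input cannot change the query's logic.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    # A normal login succeeds either way.
    print(login_vulnerable(db, "alice", "correct-horse"))      # alice
    print(login_parameterized(db, "alice", "correct-horse"))   # alice
    # A username carrying a quote and a comment marker comments out the
    # password check in the vulnerable version but is harmless to the
    # parameterized one.
    print(login_vulnerable(db, "alice' --", "wrong"))          # alice
    print(login_parameterized(db, "alice' --", "wrong"))       # None
```

The fix is not input filtering but separating code from data: the parameterized version sends the same SQL text every time, so the only thing a reviewer needs to check is that no query in the code base is assembled by string concatenation.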
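The brute force and credential stuffing items above describe two automated login attacks that look alike in a raw log but differ in shape: brute force hammers one account with many guesses, while credential stuffing tries one leaked pair each against many accounts. The following is an added example (not code from the original article or from Revision Legal) of detection logic a defender could run over authentication logs to tell the two apart by source address. The log format, the addresses (RFC 5737 documentation ranges) and the thresholds are constructed assumptions for the demonstration.

```python
import re
from collections import defaultdict

# Constructed log format: one authentication attempt per line.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log. 203.0.113.5 tries many different accounts once each
# (credential-stuffing shape); 198.51.100.9 tries one account repeatedly
# (brute-force shape); 192.0.2.7 is an ordinary user who mistypes once.
SAMPLE_LOG = """
2017-03-01T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2017-03-01T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2017-03-01T10:00:03Z ip=203.0.113.5 user=carol result=FAIL
2017-03-01T10:00:04Z ip=203.0.113.5 user=dave result=FAIL
2017-03-01T10:00:05Z ip=203.0.113.5 user=erin result=OK
2017-03-01T10:00:06Z ip=203.0.113.5 user=frank result=FAIL
2017-03-01T10:00:07Z ip=198.51.100.9 user=admin result=FAIL
2017-03-01T10:00:08Z ip=198.51.100.9 user=admin result=FAIL
2017-03-01T10:00:09Z ip=198.51.100.9 user=admin result=FAIL
2017-03-01T10:00:10Z ip=198.51.100.9 user=admin result=FAIL
2017-03-01T10:00:11Z ip=198.51.100.9 user=admin result=FAIL
2017-03-01T10:00:12Z ip=192.0.2.7 user=grace result=FAIL
2017-03-01T10:00:13Z ip=192.0.2.7 user=grace result=OK
""".strip().splitlines()


def parse_log(lines):
    """Parse well-formed lines into dicts; silently skip lines that do not match."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, stuffing_threshold=5, brute_threshold=5):
    """Label each source IP by the shape of its failed-login activity.

    Hypothetical thresholds: at least `stuffing_threshold` distinct accounts
    failed from one IP suggests credential stuffing; at least `brute_threshold`
    failures concentrated on a single account suggests brute force. Sources
    below both thresholds are not labelled.
    """
    attempts_by_ip = defaultdict(list)
    successes_by_ip = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            attempts_by_ip[e["ip"]].append(e["user"])
        else:
            successes_by_ip[e["ip"]].add(e["user"])

    verdicts = {}
    for ip, users in attempts_by_ip.items():
        distinct = len(set(users))
        total = len(users)
        if distinct >= stuffing_threshold:
            verdicts[ip] = "credential-stuffing"
        elif total >= brute_threshold and distinct == 1:
            verdicts[ip] = "brute-force"
    return verdicts


def accounts_to_review(events, verdicts):
    """Accounts that logged in successfully from a flagged source.

    In a stuffing campaign a success means a reused password worked, so the
    account (not just the source IP) needs attention.
    """
    flagged = set(verdicts)
    return sorted(
        {e["user"] for e in events if e["result"] == "OK" and e["ip"] in flagged}
    )


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    labels = classify_sources(evs)
    print(labels)                            # {'203.0.113.5': 'credential-stuffing', '198.51.100.9': 'brute-force'}
    print(accounts_to_review(evs, labels))   # ['erin']
```

The distinct-account count is what separates the two cases: rate limiting per account stops brute force but does nothing against stuffing, which spends only one attempt per account, so a per-source view is needed as well.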