Cybercriminals can also obtain a phone number through weakly protected sites where the user left it during registration. In such cases, "receive SMS online" services are often used to keep the number confidential on suspicious sites.
The common view is that as soon as the attacker is in the system and moves from network to network, the damage is already done. The attacker has found a way in and, most likely, identified the data he wants to access.
However, in some cases it is precisely what the attacker does not do that can lead to more devastating consequences.
Data manipulation attacks, in which an attacker does not take data but instead makes subtle, hidden changes to it for some kind of benefit, can be just as harmful to organizations as theft.
The ability of attackers to manipulate data and move it is a real threat that can lead to serious financial and even physical damage if successful.
Examples of data manipulation attacks
Consider the stock market. Hypothetically speaking, if an attacker successfully hacked into the IT systems and databases responsible for updating a stock ticker symbol and manipulated the data to show a billion-dollar tech giant, like Apple, Microsoft, Google or Amazon, taking a dive, the immediate result would be chaos and panic. This could lead to people selling their shares in a frenzy, the culmination of a deliberate and effective attack.
Data manipulation attacks do not always have to lead to tangible financial gain. If an attacker manages to carry out a similar attack against patient medical information in hospitals and changes critical data, such as drug dosages and the prescriptions to be administered, this can lead to illness or more serious consequences.
Manipulating data can be as sinister as stealing data. These types of attacks are usually carried out by insiders, people who have privileged access to critical data. If an insider obtained the blueprints for a production facility under construction, he could make small changes to them that could lead to a system failure at the organization. Such an attack, which is difficult to understand and difficult to detect, can ultimately put a company out of business and give a competitor the opportunity to seize market share.
Who is behind the data manipulation attacks?
Attackers like data manipulation attacks because they are hard to detect and undermine trust and confidence. If there is no way to verify that data, such as drawings, documents, or source code, is legitimate, it can undermine trust from within. Attacks that violate integrity can jeopardize the entire supply chain. A single flaw far down the chain is enough to disrupt or delay the production of goods and the organization's cash flow.
Car maker Tesla sued a former employee last summer after CEO Elon Musk claimed that the insider had stolen confidential information and trade secrets after failing to get a promotion. While the employee allegedly exported gigabytes of sensitive data, he also made changes, under false user names, to the Tesla Manufacturing Operating System, a set of basic commands for Tesla production lines, apparently as an act of sabotage. The manipulation of sensitive data, such as source code, is not unexpected, but it can cause the market to slowly collapse over time.
For organizations, it is inevitable that attackers will obtain data. It is more difficult to determine when an attacker makes small changes to the data and then leaves the scene of the crime. For threat hunters, in terms of digital forensics, there is usually a trace. Anomalies in system logs, files edited at suspicious times, and alerts from threat signatures that detect suspicious techniques and malicious behavior can be clear signs of data manipulation.
Mitigating data manipulation attacks
To counter this type of attack, organizations need to ensure endpoint visibility across their IT systems. If an outsider successfully penetrates the network, he will need to move laterally in the environment to find the data that he needs. For incident responders and threat hunters, it is very important to be able to follow the attacker's forensic trail and to actively hunt for and discover this type of activity before something irreversible is done.
Although attackers do not necessarily take data off an endpoint in these types of attacks, organizations can benefit from the use of endpoint detection and response tools to better understand the behavior and movement of data. Organizations can also use file integrity monitoring solutions to identify and track real-time changes to files, folders, and other settings.
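The core of file integrity monitoring, as an added example that is not code from the original article or from any product: a SHA-256 baseline of a directory is protected with an HMAC so that the baseline itself cannot be quietly rewritten, and every later change is reported together with whether it happened at a suspicious time. The function names, the file names, the key and the 08:00-18:00 UTC working window are assumptions made for the illustration.

```python
import hashlib, hmac, json, os, tempfile
from datetime import datetime, time, timezone
from pathlib import Path

WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed business hours, UTC

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def sign(manifest, key):
    """HMAC over the canonical JSON form, so a rewritten baseline is detectable."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def off_hours(path):
    """True when the file's mtime (UTC) falls outside the assumed working window."""
    t = datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc).time()
    return not (WORK_START <= t < WORK_END)

def verify(root, baseline, tag, key):
    """Return sorted (path, change, off_hours) findings against a signed baseline."""
    if not hmac.compare_digest(sign(baseline, key), tag):
        raise ValueError("baseline manifest failed its integrity check")
    current, findings = snapshot(root), []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "removed", False))  # no mtime left to inspect
        elif baseline.get(path) != current[path]:
            change = "modified" if path in baseline else "added"
            findings.append((path, change, off_hours(os.path.join(root, path))))
    return findings

def demo():
    """Constructed scenario: one digit changed in a dosage record at 03:00 UTC."""
    key = b"constructed-demo-key"  # in practice, kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        record = Path(root, "dosage.csv")
        record.write_text("patient-001,5 mg\n")
        Path(root, "notes.txt").write_text("unchanged\n")
        baseline = snapshot(root)
        tag = sign(baseline, key)
        record.write_text("patient-001,50 mg\n")  # the subtle edit
        night = datetime(2024, 1, 10, 3, 0, tzinfo=timezone.utc).timestamp()
        os.utime(record, (night, night))
        return verify(root, baseline, tag, key)

if __name__ == "__main__":
    print(demo())
```

A file's modification time can be reset by whoever edits it, so the off-hours flag is only a triage hint; the digest comparison against the signed baseline is what actually detects the change.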
Logging can also help, but it's not a silver bullet. IT departments need to develop internal controls to verify this information and ensure ongoing monitoring and triage of the logs created by their environment.
Data manipulation attacks can be disastrous and in some circumstances lead to serious disruptions to a business, a country or even the world. Being prepared is the first step towards potentially limiting or preventing the impact of these attacks.