SecurityWeek

The Snowball Effect of Data Breaches

It is no secret that data breaches and cyber attacks have become increasingly common in virtually every industry and sector. It is rare that a week goes by without news of another breach.

These attacks impact us as security professionals as well as individuals. Professionally, we must adapt our security practices to detect and quickly respond to these stealthy threats. As individuals, we must constantly be on the lookout for fraud resulting from the theft of our personal information.

But we must also be aware that attacks don’t occur in a vacuum, and that each breach has the potential to enable the next attack. While stolen Personally Identifiable Information (PII) can be used by criminals to commit fraud, it is also valuable for setting up the next major breach.

Passwords are always a prize

Hackers always attempt to extend their attack or enable the next one, and stealing passwords offers a clear path to that goal. Even at the individual level, one of the first things an attacker will do to a compromised host is to dump its passwords. Botnets and malware can automate this process in a distributed fashion, and allow attackers to obtain a trove of credentials from large numbers of infected devices.

However, a successful cyber attack can allow hackers to steal user credentials in bulk instead of one at a time. Depending on how those credentials are stored, attackers can often use stolen usernames and passwords to gain access to other sites, applications or networks.

This creates a feedback loop of breaches where one breach helps facilitate the next. Worse yet, a stolen password enables an attacker to gain entry without using exploits or malware. Consequently, security teams must be prepared to proactively recognize unusual or anomalous behavior from users that might indicate that their credentials or devices have been compromised.

Context is key

While passwords may provide an attacker with immediate gratification, other types of stolen data can be even more useful with a little work. Attackers can obviously leverage stolen personal data to steal an individual’s identity.

But this information is also often used to create highly convincing and targeted spear-phishing emails. These spear-phishing techniques are the hallmark of the most sophisticated targeted attacks. When armed with stolen private information, it can be very difficult for a user to recognize the phishing attempt, even if they are properly trained.

Likewise, PII can provide invaluable human intelligence to nation-state attackers who are often behind the most sophisticated attacks. The recent breach at the U.S. Office of Personnel Management (OPM) not only exposed the data of more than 25 million federal employees, but also potentially provides a nation-state actor with a blueprint of individuals and their families as well as their associated clearance.

In this case, attackers would have not only the personal information that helps them know how to attack a victim, but also the knowledge of whom to attack to infiltrate a particular organization and steal its data.

Twisting arms

Such a breach provides a potential avenue for bribery, blackmail and other forms of coercion. It’s another area where breaches can have a compounding effect. By cross-referencing information exposed in other breaches, nation-state attackers can find signs of financial difficulties and other information that could be used against an individual.

As a hypothetical example, consider the recent breaches against Ashley Madison and Adult FriendFinder. Leaked data from these breaches could clearly damage and embarrass individuals who used these sites.

Worse yet, a nation-state attacker could cross-reference names from the Ashley Madison breach with names from the OPM breach. Any matches would give foreign intelligence teams the means to coerce specific individuals who have desired levels of clearance.

These are just a few examples of the far-reaching impact that breaches have on information security. We often think of the clean-up phase of a breach being complete after the threat has been identified, remediated and new controls put in place. But the effects of a breach often extend well beyond the walls of the individual organization that was affected.

The more private data that is exposed, the more that data can be used to facilitate subsequent attacks. Whether through stolen passwords, convincing spear-phishing or outright coercion, we must be aware that end-users are increasingly vulnerable. While training and prevention are still vital, we should realize that these methods alone cannot stem the rising tide of breaches.
