Data Breach: Weak Configuration
Weak Configuration: An Open Invitation for Cyber Exploitation
Technology devices don’t have a corner on weak configurations. System network configurations can be just as weak – especially when it comes to password protection.
The Verizon Data Breach Investigation Report (DBIR), in fact, reported that four out of five breaches can be traced back to easily guessable passwords (e.g. a ‘123456’ password), and/or the lack of a static authentication system.
Even established institutions in the financial, healthcare, and retail sectors are prone to fall short in their efforts to mandate secure password best practices. Poor configurations are responsible for four major modes of attacks, including:
1. SQL Injection
Hackers can use an injection attack to bypass a web application’s authentication and verification mechanisms to access private data.
Malicious code is inserted, or “injected,” into strings that are passed to an SQL server for parsing. This tricks the application into changing data or executing unintended commands – giving attackers full access to a database for the purpose of releasing its information or holding it hostage. An estimated one out of three Web attacks are launched via SQL injections.
2. CMS Compromise
Many institutions rely on some form of content management system (CMS) – WordPress or Joomla, for example – to share, publish and edit content. Unfortunately, these systems may contain vulnerabilities that are often exploited when left unpatched. These openings provide an entry point for attackers to install backdoor programs.
WordPress, despite being the most common CMS, is also one of the most vulnerable. One study revealed that 73% of all WordPress installations had one or more vulnerabilities that could have easily been detected using automated tools.
CMS solutions are inherently vulnerable because of their open frameworks. Many operators also use weak passwords, leaving their system susceptible to brute force attacks.
3. Backdoor Access
“Backdoor” essentially refers to any intrusion tactic that goes unnoticed. Hackers can use backdoor access to install malicious software or record user keystrokes, which gives them what they need to move freely around the unsuspecting victim’s network.
Systems are especially vulnerable to backdoor attacks when networks are accessed by multiple users. Attacks normally occur in stages, and backdoors are often used as a second point of entry or the third command-and-control stage of the attack process.
4. DNS Tunneling
Domain name system tunneling is a way of encoding the data of other programs in DNS queries and responses. It is used to establish unintended communication channels to a C2 server and enact data exfiltration.
Since the DNS protocol is not intended for data transfer, it is often overlooked by security monitoring programs. As a result, the infiltration may go unnoticed for some time.
Related Articles:
Data Breach Scenario: Malicious Software
Criteria for Evaluating EMM/MDM Solutions