What is Security Breach?

A security breach is a type of cybercrime in which data, applications, devices, or a network (on premises or in the cloud) are accessed in an unauthorized and unauthenticated way. The result is that sensitive data or personal information is obtained without any legal authorization. It happens once an insider is able to bypass the internal security mechanisms [1].

Types of Security Breach

There are three types of security breaches [2]:

Physical Breach

This type of attack involves the physical theft of credentials and of equipment holding individuals’ account data, receipt files, and POS systems. It is also referred to as “corporate espionage”. The items that are compromised, or at risk, include:

  • PCs, desktops, and laptops
  • External hard drives
  • Any technology holding cardholder data, such as POS (point of sale) equipment
  • Physical assets containing individuals’ data: hard-copy bills, faxes, credit receipts, and even blank checks, which are most often the ones at stake

Electronic Breach

An electronic breach is the illegal access of information through a deliberate attack on the network or system environment where transaction data is stored, processed, and transmitted. It is usually the result of gaining access through web servers or websites, exploiting vulnerabilities in the networked system by means of application-level attacks.

Skimming

Skimming is the capture and recording of the magnetic stripe data on the back of credit cards. It uses an external device that is sometimes planted on the merchant’s Point of Sale (POS) terminal without the merchant’s knowledge. This type of breach also includes a dishonest employee using an external gadget to collect the card’s magnetic stripe data. The identity thieves gather this data and use it to create counterfeit credit and debit cards.

Attacks That Lead to a Security Breach

There are numerous kinds of attacks behind security breaches, distinguished by how access to the system was gained [3]:

Exploit Attack

An exploit attack targets a vulnerability in the system, typically an operating system that has reached end of life or is running an outdated version. Legacy operating systems are not updated: in many businesses, old and outdated versions of Microsoft Windows are deployed without any supported updates. Such software, including the operating systems themselves, is susceptible to exploitation.

Weak Password Attack

Weak passwords have a high chance of being cracked or simply guessed. Some people use extremely weak passwords; for example, some use “password” as their password. Such passwords and PINs are not secure, because hackers and attackers obtain them easily.

Malware Attacks

These attacks typically begin with a phishing email, which has a high chance of gaining entry into the system’s information platforms. The attack succeeds with a single click by an employee of the company, or by any individual. Once the individual clicks on the phishing email, the malware is allowed to spread and expand throughout the user’s computer system and across its network.

Drive-by Downloads

A drive-by download delivers viruses and other malicious payloads through compromised or spoofed websites and URLs.

Social Engineering Attack

This attack is used to gain unauthorized access to the system. For example, an insider calls an employee of a company, claims to belong to the same company’s IT helpdesk, and asks for the employee’s password in order to “fix” the laptop or another device.

SolarWinds

SolarWinds is an American company that produces software to help business-oriented organizations manage and secure their networks and IT infrastructure. The company has acquired a number of other companies, including Papertrail, Pingdom, and Loggly.

SolarWinds Breach

The SolarWinds product known as “Orion”, used by more than 33000 public and private sector customers, was hacked, and the breach was disclosed in December 2020. The attack has been attributed to Russian intelligence. It continued unnoticed for many months during 2020, and inquiries into the extent and depth of the compromised systems went on afterwards.

According to the Washington Post, several US government agencies and organizations were breached through the SolarWinds software.

How did hackers breach the SolarWinds software?

According to Microsoft, the attack through the SolarWinds product was carried out by:

  • Acquiring “super user” access to the “SAML token signing certificates”.
  • Using the SAML signing certificate to forge new tokens, which granted the attackers highly trusted and privileged access to the network.

FireEye, one of the companies victimized by the SolarWinds breach, reported that:

  • The hackers inserted “malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim’s environment” [4].
  • The attackers gained “access to the victim’s system using “trojanized updates within the SolarWinds” IT monitoring and management software” [5].
  • In essence, the software update was compromised in order to deploy the “Sunburst” malware into SolarWinds’ Orion software, which was then installed by some 17000 – 18000 customers.
  • The hackers used “multiple methods and techniques” in order to remain unnoticed and undetected, keeping their activities obscure for many months.
  • What favored the attack most was that it was able to “blend in legitimate SolarWinds activity”.
  • Once the compromised update was installed, the malware provided the attackers with a backdoor into the systems and networks of SolarWinds’ customers.
  • More notably, the malware was also capable of thwarting tools such as anti-virus software that could have detected it [5].

What measures were taken in response to the SolarWinds breach?

The “Cybersecurity and Infrastructure Security Agency” issued “Emergency Directive 21-01” as a rapid response to the hacking incident, and asked all affected federal agencies to disable the SolarWinds “Orion” software.

Strategies to Combat Cybersecurity Problem

The “Australian Signals Directorate (ASD)” suggests 4 strategies to combat cybersecurity issues.

Two of these strategies concern patching [6]:

  • Patch applications
  • Patch the operating system (OS)

Patch

A patch is a timely update to one out-of-date component of a piece of software, usually to fix a “bug or error” discovered after the product was released. Security patches address vulnerabilities in the software that cybercriminals would otherwise use to gain unauthorized access to the user’s device and important data.

From this it follows that timely and efficient patching is essential for reducing the risk of a data breach. Every server, network device, workstation, network appliance, mobile device and operating system, along with the other installed applications, needs to be kept at the latest version to ensure the organization’s security as a whole.

Even a single unpatched system drastically increases the chances of an attack on the company’s environment, and the risk multiplies with every additional unpatched system or workstation that is vulnerable to security threats or in an unknown state.

Patch Management

Patch management delivers great value to an organization as a proactive security measure, but it is sometimes overlooked as a potential data breach “detection” system: if an endpoint is broken, it may have been “broken” by a malicious attack.

When a worldwide threat like “WannaCry or NotPetya” breaks out, the company needs to install an emergency patch quickly, within as little as 48 hours. Reaching millions of endpoints requires a solution and a vigilant team able to meet that demand. Depending on the spread of the threat, priority-based patching has to take place within hours, starting with the workstations and the Internet-facing servers such as web, email and remote access servers.
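One way to operationalise the priority-based patching described above, as an added example that is not part of the page or of any cited source: a small triage script that lists every endpoint missing a patch and ranks the backlog so that emergency patches on Internet-facing hosts come first. The SLA values, hostnames, patch ids and dates are all assumptions constructed for the example.

```python
"""Patch-backlog triage: list endpoints missing patches and rank them by urgency."""
from datetime import datetime, timedelta

# SLA targets in hours. These values are assumptions for this example: an emergency
# patch (a WannaCry-class outbreak) must be installed within 48 h, on Internet-facing
# hosts within hours (4 h here), and routine patches within 30 days.
SLA_HOURS = {"emergency_exposed": 4, "emergency": 48, "routine": 24 * 30}

# Constructed sample data: hostnames, patch ids and dates are invented for the example.
PATCHES = {
    "PATCH-001": {"emergency": True, "released": datetime(2021, 1, 5, 9, 0)},
    "PATCH-002": {"emergency": False, "released": datetime(2020, 12, 1, 0, 0)},
    "PATCH-003": {"emergency": False, "released": datetime(2021, 1, 6, 0, 0)},
}
INVENTORY = [
    {"host": "web-01", "internet_facing": True, "installed": {"PATCH-002"}},
    {"host": "mail-01", "internet_facing": True, "installed": {"PATCH-001", "PATCH-002"}},
    {"host": "ws-042", "internet_facing": False, "installed": {"PATCH-002", "PATCH-003"}},
    {"host": "ws-077", "internet_facing": False, "installed": set()},
]
NOW = datetime(2021, 1, 7, 12, 0)  # constructed "current time" for the run


def sla_hours(patch, endpoint):
    """Hours allowed between a patch's release and its installation on this endpoint."""
    if patch["emergency"]:
        return SLA_HOURS["emergency_exposed"] if endpoint["internet_facing"] else SLA_HOURS["emergency"]
    return SLA_HOURS["routine"]


def triage(inventory, patches, now):
    """Return (host, patch_id, hours_overdue) for every missing patch, most urgent first.
    hours_overdue is negative while the SLA clock is still running. Order: past-SLA items
    first, emergency before routine, Internet-facing before internal, then most overdue."""
    backlog = []
    for ep in inventory:
        for pid, patch in patches.items():
            if pid in ep["installed"]:
                continue
            deadline = patch["released"] + timedelta(hours=sla_hours(patch, ep))
            overdue = round((now - deadline).total_seconds() / 3600, 1)
            key = (overdue <= 0, not patch["emergency"], not ep["internet_facing"], -overdue, ep["host"])
            backlog.append((key, (ep["host"], pid, overdue)))
    return [item for _, item in sorted(backlog)]


if __name__ == "__main__":
    for host, pid, hours in triage(INVENTORY, PATCHES, NOW):
        print(f"{host:8} {pid}  {'OVERDUE by' if hours > 0 else 'due in':10} {abs(hours):6.1f} h")
```

With the constructed data the emergency patch missing on the Internet-facing web server tops the list, 47 hours past its 4-hour window, ahead of a routine patch that is far more overdue on an internal workstation.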

References

[1] “What is a security breach?,” www.kaspersky.com, Sep. 10, 2020. https://www.kaspersky.com/resource-center/threats/what-is-a-security-breach (accessed Jan. 07, 2021).

[2] “Different Types of Data Breaches,” Shred Nations, Aug. 28, 2015. https://www.shrednations.com/2015/08/different-types-of-data-breaches/ (accessed Jan. 07, 2021).

[3] “The 3 Main Causes of Security Breaches,” British Assessment Bureau, Jul. 28, 2016. https://www.british-assessment.co.uk/insights/3-causes-security-breaches/ (accessed Jan. 07, 2021).

[4] H. Solomon, “Malicious update to SolarWinds’ Orion platform blamed for global hacks, including FireEye,” IT World Canada News, Dec. 14, 2020. https://www.itworldcanada.com/article/malicious-update-to-solarwinds-orion-platform-blamed-for-global-hacks-including-fireeye/439555 (accessed Jan. 07, 2021).

[5] “Explained: A massive cyberattack in the US, using a novel set of tools,” The Indian Express, Dec. 29, 2020. https://indianexpress.com/article/explained/us-solarwinds-hack-cybersecurity-fireeye-russia-7110550/ (accessed Jan. 07, 2021).

[6] “Data Breach Fire Detection – Security Can Not Be Compromised,” Trianz. https://www.trianz.com/insights/data-breach-fire-detection (accessed Jan. 07, 2021).