DATA MANIPULATION ATTACKS: HOW TO DETECT AND PREVENT

Conventional wisdom says that once an attacker is in the system, moving laterally from network to network, the damage is already done. The adversary has found a way in and more than likely identified the data they’re after. They simply need to exfiltrate it, the last step of the kill chain, to land the final blow. In some scenarios, however, it’s what the attacker doesn’t do that could have a more devastating outcome on the enterprise. Data manipulation attacks, attacks in which adversaries don’t take data but instead make subtle, stealthy tweaks to data, usually to elicit some type of gain, can be just as, if not more crippling for organizations than theft. The ability of attackers to manipulate and shift data around is a real threat –one that could cause widespread financial and even physical harm as a result if done successfully.

Consider the stock market. Hypothetically speaking, if an attacker were to successfully breach the IT systems and databases responsible for updating a stock ticker symbol and manipulate data to show a billion-dollar tech giant like Apple, Microsoft, Google, or Amazon taking a nose dive, it would cause immediate chaos and panic would ensue. It could result in people selling off their stocks in frenzy–the culmination of a deliberate and effective attack.

Data manipulation attacks don’t always have to result in a tangible financial gain. If an attacker managed to carry out a similar attack against health record information for patients in hospitals and altered critical data like drug dosages and prescriptions that need to be administered, it could result in sickness or even death.