We’re seeing an alarming trend in security data breaches – every year, more breaches that are both larger in scope and increasingly devastating.
A report by USA Today ranks the top breaches (that we have seen) by estimated affected users. Take a look:
Notice that, of the top seven breaches, five of them happened in 2016 and 2017 alone. Between these five recent breaches alone, an estimated 2.103 billion users were affected.
Names, social security numbers, birth dates, addresses, and driver's license numbers were all exposed during the breach.
When it comes to data breaches, everybody involved suffers. Employees and customers run the risk of having their identities stolen and their bank accounts emptied. The identity and reputation of the business take a hit. Its shareholders suffer tumbling stock prices, and the bottom line is affected as the business pays reparations to those affected, such as credit monitoring services and fees for reissuing credit cards.
According to Verizon's DBIR (Data Breach Investigations Report), the web application layer is the #1 source of data breaches.
The application layer faces the end user and provides services such as SMTP (email), file transfer, web surfing, network data sharing, and more. It's a difficult layer to protect, and it's the one that connects us to the information and services that we need. Many breaches happen because of "website application vulnerabilities", a pretty general term. When this is listed as the cause, it means that the hackers exploited a weakness or flaw in the business's web application layer to breach its systems and access sensitive information.
Large-scale breaches (such as the ones mentioned above) require that hackers gain open access to one or more of the victim's systems. This kind of access is difficult without login credentials. Knowing that 81% of data breaches involve stolen credentials, we find a trend that hackers are using to carry out these massive data breaches: they are exploiting web application vulnerabilities to gain access via stolen credentials.
There are a variety of different tools and techniques that hackers could have used to exploit an application vulnerability and gain credentials. Here are a few common methods that could have been used in these breaches.
Lightweight Directory Access Protocol (LDAP) is a directory protocol that web applications commonly use to verify and authenticate their users' login credentials.
If this is the method that hackers used in these breaches, it could have gone something like this:
The hacker goes to the web login portal of one of the target (victim) systems. Instead of just logging in, however, they inject code into the username or password field. The vulnerability is that the injected code tricks the server into letting them through, and, in worst-case scenarios, they could access the directory of usernames and passwords and steal credentials or elevate their current privilege to enable their breach.
Injections are classified as the most dangerous and prevalent form of data breach, and they are not limited to LDAP: they can be executed in SQL, source code, XML, and more.
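The root cause of the LDAP injection described above is that user-supplied text is concatenated straight into the search filter the application sends to the directory, so filter metacharacters in the input change the filter's structure. The following is an added example (not code from the original post or from NetIQ) that shows the vulnerable pattern next to its hardened form: the hardened version escapes the value according to RFC 4515 so the directory treats it as literal text. The `uid`/`objectClass` filter shape, the function names and the sample input are assumptions constructed for the example.

```python
import re

# RFC 4515 escape sequences for characters that have meaning inside an LDAP filter.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string so it is matched literally inside an LDAP search filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(username: str) -> str:
    """Vulnerable pattern: the username is interpolated into the filter unescaped."""
    return f"(&(uid={username})(objectClass=person))"


def build_login_filter_safe(username: str) -> str:
    """Hardened form: same filter, but the username is escaped first."""
    return f"(&(uid={escape_ldap_filter_value(username)})(objectClass=person))"


def count_assertions(ldap_filter: str) -> int:
    """Count attribute=value assertions in a filter.

    The login filter above should always contain exactly two; any other
    number means the input altered the filter's structure.
    """
    return len(re.findall(r"\([A-Za-z]+=", ldap_filter))


if __name__ == "__main__":
    # Constructed sample input containing filter metacharacters.
    suspicious = "*)(objectClass=*"
    for builder in (build_login_filter_unsafe, build_login_filter_safe):
        ldap_filter = builder(suspicious)
        print(f"{builder.__name__}: {ldap_filter} "
              f"-> {count_assertions(ldap_filter)} assertions")
```

Escaping is the minimum; a production login path would also apply an allow-list to the username (for example, only the character set the directory actually uses for `uid`) and use the LDAP library's own parameterised filter helpers where they exist, rather than hand-building filter strings.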
Cross-site scripting (XSS) can happen when a user clicks on a bad link in an email, for example. The link will take them to a website that they know and are familiar with, but the hacker has injected code that will execute once the user clicks on it. There are other ways that XSS can be used to breach a system, but essentially the hacker uses the website's vulnerability to run script in the user's browser, which can reveal the user's login credentials or allow them (the hacker) to bypass authentication.
The goal for the hacker is to steal credentials, bypass security, or completely take over the user's session.
This is an application vulnerability where you enter your information into an application and that application fails to sufficiently protect that information. When hackers get hold of that information, they can steal passwords or sessions and bypass security measures.
Say you log on to your bank account and the bank's web app doesn't encrypt your username or password; anyone who looks at the traffic could read it and find your information. If a hacker set up a "man in the middle" system, they could see all of the communication happening between you and the server. Since it is unencrypted, they would easily steal your login credentials. If the session ID isn't protected, they could also use that and bypass the authentication process.
Protecting the application layer is hard. Protecting all user credentials is hard. Security, in general, is hard, especially when you rely on one line of defense.
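The XSS and session-theft scenarios above share the same defensive controls on the application side: untrusted text must be encoded before it is placed in HTML, the session identifier must be unpredictable, and the session cookie must carry the attributes that keep it off plain HTTP and away from script. The following is an added example (not code from the original post or from NetIQ) that implements those three controls and adds a small audit helper a defender can run over `Set-Cookie` headers to spot cookies missing the protective attributes. The cookie name `sid`, the header formats and the sample inputs are assumptions constructed for the example.

```python
import html
import secrets

# Attributes a session cookie should carry: Secure keeps it off plain HTTP
# (the unencrypted-traffic case), HttpOnly keeps it away from injected script
# (the XSS case), SameSite limits cross-site requests that would carry it.
REQUIRED_COOKIE_ATTRS = ("secure", "httponly", "samesite")


def render_greeting(display_name: str) -> str:
    """Encode untrusted text before placing it in HTML so markup in it stays inert."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"


def new_session_id() -> str:
    """Return a 256-bit random session identifier; never derive it from user data."""
    return secrets.token_urlsafe(32)


def session_set_cookie_header(session_id: str, max_age: int = 1800) -> str:
    """Build the Set-Cookie header value for the session cookie with protective attributes."""
    return (f"sid={session_id}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


def missing_cookie_protections(set_cookie_value: str) -> list:
    """Return the protective attributes absent from a Set-Cookie header value.

    Attribute names are compared case-insensitively; the first segment is the
    name=value pair and is skipped.
    """
    attrs = {
        part.strip().split("=", 1)[0].lower()
        for part in set_cookie_value.split(";")[1:]
        if part.strip()
    }
    return [attr for attr in REQUIRED_COOKIE_ATTRS if attr not in attrs]


if __name__ == "__main__":
    # Constructed sample: a display name containing markup.
    print(render_greeting("<b>Bob</b>"))

    sid = new_session_id()
    hardened = session_set_cookie_header(sid)
    print(hardened)

    # Constructed sample headers as an audit might see them in a proxy log.
    for header in ("sid=abc123; Path=/", hardened):
        gaps = missing_cookie_protections(header)
        print(f"{header[:40]}... missing: {gaps or 'none'}")
```

The audit helper is deliberately conservative: a cookie that passes it can still be stolen if the application echoes it into a page or if TLS is not enforced site-wide, so pair it with transport encryption on every endpoint and with output encoding everywhere user data is rendered.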
The solution? Reduce risk with layered security in order to create an environment where it’s near impossible for a breach of this scale to happen.
Add a layer of security today and keep your company out of the data breach headlines.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.