
Researchers Reveal DBREACH as New Attack Against Databases

 

Databases are critical applications for any organization, and past incidents show that this gives cybercriminals more reason to target them.

Hackers Review recently reported on the Black Hat US 2021 hybrid event, at which hackers were encouraged to collaborate with federal agencies against cybercriminals. At the same event, a cyber intelligence group presented a new type of cyber attack against databases that could lead to information disclosure and loss. The attack is called DBREACH, an acronym for Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics.

Mathew Hogan, one of the group's members, said that in modern databases compression is often paired with encryption in order to reduce storage costs. That pairing can increase risk, however, because it can be exploited through a class of vulnerabilities known as side-channel attacks.

"With DBREACH, an attacker is able to recover other users' encrypted content by utilizing a compression side channel," Hogan said. "We believe this is the first compression side-channel attack on a real-world database system."

In a 121-slide presentation, Hogan and his colleagues explained in thorough detail how a DBREACH attack could work. Reportedly, DBREACH uses the same techniques as the CRIME (Compression Ratio Info-leak Made Easy) attack on Transport Layer Security (TLS) that was first reported in 2013.

"We believe that this threat model is realistic and achievable," Hogan added. "The update capability can be achieved through a front-end web interface that's backed up by a database table, which is something that's really common in a lot of databases."

How can database users mitigate the risk of DBREACH?

There are many ways for database users to mitigate the risk of DBREACH. One of them, according to Hogan, is not using column-level permissions. He also recommended that organizations monitor database usage patterns for unusual activity, much as they would for Denial of Service (DoS) detection, by looking for a single user that is performing an unusually high number of updates.
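The monitoring Hogan recommends can be sketched as a sliding-window count of updates per user and table. This is an added example, not code from the researchers or from any database product; the audit-log line format, the account names, the 60-second window and the threshold of 100 are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed audit-log format: "<UTC timestamp> user=<name> op=<verb> table=<name>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>\w+) table=(?P<table>\S+)$")

def parse(line):
    """Return (timestamp, user, op, table), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], m["op"].upper(), m["table"]

def flag_update_bursts(lines, window=timedelta(seconds=60), threshold=100):
    """Map (user, table) to its peak UPDATE count in any window, if above threshold."""
    recent = defaultdict(deque)  # (user, table) -> timestamps still inside the window
    peaks = {}
    for ts, user, op, table in sorted(filter(None, map(parse, lines))):
        if op != "UPDATE":
            continue
        q = recent[(user, table)]
        q.append(ts)
        while ts - q[0] >= window:  # drop updates that have aged out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[(user, table)] = max(peaks.get((user, table), 0), len(q))
    return peaks

def constructed_log():
    """Constructed sample: two ordinary users and one account updating in a tight loop."""
    t0 = datetime(2021, 8, 5, 10, 0, 0)
    fmt = "{:%Y-%m-%dT%H:%M:%SZ} user={} op={} table={}"
    lines = [fmt.format(t0 + timedelta(minutes=5 * i), "alice", "UPDATE", "profiles")
             for i in range(6)]
    lines += [fmt.format(t0 + timedelta(seconds=2 * i), "bob", "SELECT", "profiles")
              for i in range(200)]
    lines += [fmt.format(t0 + timedelta(seconds=i // 5), "acct_1042", "UPDATE", "profiles")
              for i in range(600)]
    lines.append("malformed line that the parser skips")
    return lines

if __name__ == "__main__":
    for (user, table), peak in flag_update_bursts(constructed_log()).items():
        print(f"ALERT {user} on {table}: {peak} updates within 60s")
```

In practice the threshold would be set from each table's normal per-user update rate rather than a fixed number.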

"The only foolproof method for preventing this attack is to turn off compression…" "…We believe that this really drives home the point that compression and encryption should be combined very carefully, lest you or your system fall victim to a compression side-channel attack," Hogan added.

Advancing Ransomware Attacks and Creation of New Cyber Security Strategies

With ransomware on the rise, organisations are focusing too much on anti-virus software rather than proactively forming strategies to deal with cyber-attacks, which pose an ongoing threat to users. One good piece of advice for dealing with this issue is to create air gaps, which make it much easier to store and protect critical data and allow data to be stored offline. When a ransomware attack occurs, it should then be possible to restore your data without much downtime, if any at all.

More often than not, however, organisations find themselves taking one step forward and then one step back. Traditionally, ransomware has focused on backup programs and their associated storage, but it also persistently targets the storage subsystems, which has spurred organisations into putting robust backup procedures in place to counter an attack if it gets through.

To be proactive, organisations should adopt different ways of protecting data that allow it to be readily recovered whenever a ransomware attack, or some other cyber security issue, threatens to disrupt day-to-day business operations and activities.

Clive Longbottom, client services director at analyst firm Quocirca, explains: "If your backup software can see the back-up, so can the ransomware. Therefore, it is a waste of time arguing about on-site v off-site – it comes down to how well air locked the source and target data locations are."

However, defending against any cyber-attack requires several layers of defence, which may or may not consist of a firewall, anti-virus software or backup. The last layer of defence, though, must be the most robust of them all, so that it stops any potentially costly disruption in its tracks before it is too late. So anti-virus software must still play a key defensive role.

A ransomware attack is pretty brutal, warns Longbottom: "It requires a lot of CPU and disk activity. It should be possible for a system to pick up this type of activity and either block it completely, throttle it, or prevent it from accessing any storage system other than ones that are directly connected physically to the system."

In the traditional approach, data centres are often located in close proximity to each other in order to limit the impact of latency. Because they are all too often situated within the same circles of disruption, this increases the financial, operational and reputational risks associated with downtime.

A few tips can help users successfully migrate data to prevent ransomware attacks:
• The more layers you can add the better.
• User education.
• Update your backup regularly - it can be the last layer of defence.
• Have a copy off site – tape or cloud, but don't leave the drawbridge down.
• Plan your backup process around your recovery requirements.

By following these, one could successfully prevent cyber-attacks with ease and precision.