
How to Avoid a Hacker’s Attack

The Theft of Sensitive Data At Your Firm Could Cost You

Editor's Note: This article appeared in the January/February 2014 issue of Disclosures magazine, the VSCPA's premier member publication. While some of the statistics are old, the information on how to avoid hackers' methods is still sound. With more and more companies succumbing to cyberattacks each year, this is still a major issue facing CPA firms.


By Yanhua Bai and John Brozovsky, Ph.D.

Database security breaches have caused a huge amount of damage to companies across the United States. As companies rely more and more on the Internet to conduct business, company data is more and more susceptible to hackers. It is crucial for every company to prevent damage from data breaches. 

Attack Tools Hackers Use

Hackers use the following nine tools to access companies’ sensitive data.

Mass rooter

This attack tool scans large numbers of computer systems, searching for hosts that have a vulnerability or set of vulnerabilities. Once the mass rooter detects a vulnerable host, it tries to attack the system, and the attacker is later notified whether or not the attack was successful. Mass rooters are available within the public domain. To prevent this type of attack, make sure your computer systems are up to date. Do not leak important information like software versions, email addresses, and the names and positions of key personnel to the Internet. Also, try to prevent network devices from responding to scanning attempts.

Port scanner

Port scanners send client requests to a range of server port addresses on a host in order to find an active port and then exploit a known vulnerability of that service. According to IBM’s Cyber Security Intelligence Index, compiled in 2013, 28 percent of all attacks were done using a sustained probe or scan. This category includes port scanners and operating system enumeration tools that look for open ports and running services. To avoid such malicious scans, you can apply access control lists. Many sophisticated systems can monitor the number of ports scanned by one remote source and block all requests from that source when the number reaches a predefined threshold.
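The monitoring described above can be sketched as follows. This is an added example, not code from the original article; the log format ("time source-IP destination-port"), the five-port limit and the ten-second window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values (not from the article): block a source that touches
# more than MAX_PORTS distinct ports within WINDOW seconds.
MAX_PORTS = 5
WINDOW = 10

# Constructed sample connection log: "epoch_seconds src_ip dst_port"
SAMPLE_LOG = """\
100 203.0.113.7 21
101 203.0.113.7 22
101 198.51.100.4 443
102 203.0.113.7 23
103 203.0.113.7 25
104 203.0.113.7 80
105 198.51.100.4 443
105 203.0.113.7 110
106 203.0.113.7 143
130 198.51.100.4 80
"""

def find_scanners(log_text, max_ports=MAX_PORTS, window=WINDOW):
    """Return {src_ip: time_blocked} for sources exceeding the port limit."""
    recent = defaultdict(deque)   # src -> (time, port) events inside the window
    blocked = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue              # skip malformed lines
        try:
            ts, src, port = int(fields[0]), fields[1], int(fields[2])
        except ValueError:
            continue              # skip lines with non-numeric time or port
        if src in blocked:
            continue              # an access control list would already drop this
        events = recent[src]
        events.append((ts, port))
        # Forget events that have aged out of the sliding window.
        while events and events[0][0] <= ts - window:
            events.popleft()
        # Count distinct ports, so repeat visits to one service do not trigger.
        if len({p for _, p in events}) > max_ports:
            blocked[src] = ts
    return blocked

if __name__ == "__main__":
    for src, ts in find_scanners(SAMPLE_LOG).items():
        print(f"block {src} at t={ts}")
```

A source that spaces its probes further apart than the window is not caught by this check, which is why the window and limit need tuning against normal traffic.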

Operating system enumeration tool

This tool determines the operating system a target host is using, and it is widely available on various Internet sites. To prevent your system from being compromised, you must maintain proper patch levels on endpoint and network systems, closely monitor system design, prevent direct external access to servers and shut down all unneeded ports and services.

Software exploits

Hackers use software exploits to take advantage of various classes of programmatic flaws in computer software. One of the most common types is SQL injection, which fools the database system into running malicious code that will reveal important information from the compromised server. According to the Cyber Security Intelligence Index, each company experiences 1,400 attacks on average per week. As a result, there were 1.5 million monitored cyber-attacks in the United States in 2013. To reduce such attacks, companies must make sure their software is up to date and also encrypt sensitive data.

Denial of service attack

The denial of service attack tool allows hackers to run programs that continuously ask for information from the user’s computer until the computer is unable to answer any more requests. According to Microsoft [1], there are several ways to prevent denial of service attacks. One way is to “keep an audit trail that describes what was changed and why.” Another way is to “keep people aware of old configurations and their purpose.” Finally, you must “know the trade-offs between simplicity, cost and survivability.”

Distributed denial of service attacks (DDoS)

A DDoS tool allows hackers to install Trojan horse programs on the user’s computers throughout the network.  These attacks are preventable. You must first acknowledge that you are vulnerable and that hackers attack organizations at random.  As a result, you must implement the best and most current practices for network infrastructure, applications, critical supporting services and the domain name system (DNS). 

DNS spoofing

Hackers use DNS spoofing to force a DNS server to accept and use wrong information from their server. Spoofing can cause lots of problems for vulnerable DNS servers, such as directing users to the wrong websites or directing email to non-authorized mail servers. If the hacker or competitor at another company is able to redirect email, they will be able to gain insight into the other company’s product designs and other confidential information, which can cause a huge loss for the original company.  There are two main issues to worry about concerning DNS spoofing. First, a spoofing attack can go unnoticed until the competitor enters the market with a “copy” of the other company’s product. Second, many top level business managers don’t realize that DNS spoofing can cause such tremendous financial and security risks. However, there are ways to prevent DNS spoofing. Companies responsible for a domain must check which type of server they are using and consult with its developer to determine if the server is vulnerable to DNS spoofing. More importantly, companies must use the latest version of DNS Expert to check the vulnerability of all types of DNS servers to determine whether they are prone to DNS spoofing or other risks. 

Trojan horse

Cisco defines a Trojan horse as “a harmful piece of software that looks legitimate.” Users are commonly tricked into downloading and executing a file on their computer that is disguised as a legitimate piece of software or program. After it is activated, it will start to create numerous attacks on the host, which in turn gives the hacker access to the system through back doors. According to the Cyber Security Intelligence Index, 35 percent of cyber attacks were done using malicious code, such as third-party software using a Trojan horse. To prevent Trojan horse attacks, company employees must make sure they never open email attachments from unknown or suspicious users. They also should never download free software from unknown or sketchy websites.

Viruses and worms

Hackers use a virus, a program that replicates itself into another file or document. A virus hidden inside a file can spread to another person’s computer once they open that file. This is very similar to another kind of hacker tool called a worm. A worm is a computer program that also replicates itself by sending itself to other systems, but it can spread much faster than a virus. To prevent hackers from using a virus or worm against your company, you must run virus detection software on your computer to scan for and eliminate any viruses. You also need to make sure that your anti-virus software is up to date.

The Cost of Data Breaches

In recent years, many companies have suffered tremendously from security breaches. Here are four companies that have been negatively affected by data breaches.

In January 2007, TJX, the retail company that owns T. J. Maxx and Marshalls, suffered a severe data breach. Albert Gonzalez and his crew of hackers gained access to 45.6 million credit card and debit card numbers from the customer databases of TJX due to its poorly protected wireless local-area networks. He was able to do so by exploiting the holes in the SQL programming language. In other words, he used software exploits. This severe breach cost the company $256 million.

Hackers also used software exploits in the Global Payments Breach in April 2012, as well as SQL injections that exploited holes in the SQL programming language. This severe data breach cost the company $93.9 million, which included $60 million for professional fees and other costs associated with investigation, remediation, incentive payments, credit card monitoring and identity protection insurance costs; $35.9 million for fraud losses, fines and other charges imposed by the card networks; and $2 million for insurance recoveries. This breach affected 1.5 million payment cards in North America.

In October 2013, 360 million personal account records and 1.25 billion email addresses were stolen from Adobe Systems Inc. These personal account records included encrypted passwords from the customers. This hack was considered the biggest breach in history. 

Around November 2013, hackers installed malware in Target’s payment system. As a result, 40 million credit and debit card numbers were stolen from Target, along with 70 million sets of customer information such as names, addresses, email addresses and phone numbers. This caused a 46 percent drop in Target’s profits in the fourth quarter of 2013.

Prevent Data Breaches at Your Company

  1. Encrypt sensitive data. This adds an extra layer of protection to the data that matters to you the most. 
  2. Educate your employees on data security. This is extremely crucial. According to Mentis Software Co., 69 percent of data breaches are caused by authorized users. Make sure to tell your employees to download applications only from reliable websites and to pay extra attention to attachments on emails. Also make sure to have employees sign and date an acknowledgement form showing that they participated in the training activity.
  3. Create a written set of Internet policies. If possible, create handbooks that contain this set of policies and distribute them to your employees. This will help reinforce correct usage of the company’s internet. 
  4. Control Internet usage. Limit websites that employees can visit during work as well as lunch breaks.  Use tools to block certain banned URLs if possible.
  5. Do thorough background checks on your employees. Make sure to check if a prospective employee has a criminal record or a bad credit history. Also make sure to screen for hacker connections or unprosecuted hacker crimes.  
  6. Be extra aware of suspicious employees who show at-risk characteristics. Some common at-risk characteristics include, but are not limited to, a history of negative social and personal experiences, lack of social skills and a propensity for social isolation, a sense of entitlement and ethical flexibility. 
  7. Use a secure wireless connection. This will help prevent your company from encountering the same fate as TJX.
  8. Use paper shredders to permanently dispose of credit card information and Social Security Numbers.
  9. Keep your company’s anti-virus software up to date. Outdated anti-virus software leaves you vulnerable to a data breach.

Conclusion

As technology moves forward to help companies perform more efficiently, the risk of a data breach also increases.  It is extremely important to understand common ways hackers get access to a company’s data as well as the ways to prevent data breaches. 

When this article was published, Yanhua Bai was a student at Virginia Tech majoring in accounting and information systems, and John Brozovsky, Ph.D., was a Virginia Tech associate professor of accounting. He is now retired.


[1] http://technet.microsoft.com/en-us/library/cc750213.aspx