A data breach is a security incident in which private/confidential information is viewed, copied, transmitted, or used by an unauthorized individual. This may involve personally identifiable information, personal health information, financial information, intellectual property, or trade secrets of companies.
Data breaches are far more than a temporary scare: they can hurt businesses and consumers in many ways, and the resulting costs and reputational damage can take a long time to repair.
Breaches that affect hundreds of millions or even billions of users have become common. In 2016, the Internet service company Yahoo! confirmed that all 3 billion of its user accounts were affected in what is considered the biggest data breach in history. User details, including names, phone numbers, email addresses, dates of birth, and hashed passwords, were leaked.
In 2018, the NYC-based video messaging service Dubsmash and the fitness app MyFitnessPal were among 16 compromised platforms in a massive data dump that saw over 600 million customer accounts leaked and offered for sale on a darknet market.
Hundreds of similar incidents have occurred in the past decade. According to a study by the Ponemon Institute, a data breach costs a company $3.86 million on average.
Given the rising stakes and increasing costs of data breaches, businesses and governments have started investing heavily in keeping their customers’ data secure.
Most data breaches involve vulnerable, unstructured documents, files, and sensitive information. In this overview, we explain the eight most common types of data breaches and how they happen.
8. Distributed Denial of Service (DDoS)
A 1.3 Tbps DDoS attack shut down GitHub for 20 minutes in 2018
A malicious attempt to disrupt a host’s services
DDoS attacks aim to overwhelm websites and online services with more traffic than the server or network can handle. They are sometimes used to distract security operations while other malicious activity, such as network infiltration or data theft, is underway.
These attacks are carried out with large numbers of internet-connected devices that have been infected with malware. Attackers control these individual devices (also called bots) remotely.
A cluster of bots is known as a botnet, and once one has been established, the attacker can direct it at a particular server or network. Each bot sends requests to the target’s IP address, rendering the website or service inoperable.
The first DDoS attack happened in 1996, when Panix, one of the oldest ISPs, was taken down for several days using a SYN flood, a method that has since become a classic form of Distributed Denial of Service attack. Over the following decade, these attacks became common.
An attack of 1 Gbps is enough to knock most organizations offline. According to Cisco, the total number of DDoS attacks will reach 15 million by 2023, up from the 7.9 million seen in 2018.
Example: In February 2020, Amazon Web Services was hit by an extreme DDoS attack, which targeted unidentified customers via a method called Connectionless Lightweight Directory Access Protocol (CLDAP) Reflection. The attack peaked at 2.3 Tbps and lasted for 3 days.
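The flood behaviour described above, as seen by a defender, is an abrupt jump in requests per source. The following is an added example (not code from the original article) of the simplest detection a web server operator can run over an access log: a sliding-window count of requests per source IP. The log lines are constructed in a Common Log Format-like shape, the IP ranges are documentation addresses, and the 10-second window and threshold of 50 are assumed values to be tuned per site. Volumetric reflection attacks like the AWS case are absorbed upstream by scrubbing capacity; this check is the application-layer heuristic that catches the per-bot request floods.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format-style access log line, e.g.
# 203.0.113.1 - - [10/Mar/2024:10:00:30 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_floods(lines, window_seconds=10, threshold=50):
    """Sliding-window request counter per source IP.

    Returns {ip: peak number of requests seen inside any window_seconds
    interval} for every source whose peak reached the threshold.
    """
    records = [r for r in map(parse_line, lines) if r is not None]
    records.sort(key=lambda r: r[1])          # logs are not always strictly ordered
    windows = defaultdict(deque)              # ip -> timestamps inside the current window
    peaks = defaultdict(int)
    for ip, ts in records:
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()                       # drop requests that fell out of the window
        peaks[ip] = max(peaks[ip], len(q))
    return {ip: n for ip, n in peaks.items() if n >= threshold}


def _fmt(ip, ts, req="GET / HTTP/1.1"):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{req}" 200 512'


def build_sample_log():
    """Constructed traffic (not real data): three normal clients plus a
    20-bot flood of 12 requests per second each for 5 seconds."""
    base = datetime(2024, 3, 10, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(30):                                  # one request every 2 s for 60 s
        for ip in ("198.51.100.7", "198.51.100.8", "198.51.100.9"):
            lines.append(_fmt(ip, base + timedelta(seconds=2 * i)))
    for k in range(1, 21):                               # 203.0.113.0/24 plays the botnet
        for j in range(60):
            lines.append(_fmt(f"203.0.113.{k}", base + timedelta(seconds=30 + j // 12)))
    return lines


if __name__ == "__main__":
    for ip, peak in sorted(detect_floods(build_sample_log()).items()):
        print(f"flood from {ip}: {peak} requests within 10 s")
```

Each flagged source is a candidate for rate limiting or a temporary block at the edge; the normal clients never exceed six requests in any window, so they stay well under the threshold.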
7. Brute-Force Attack
Brute-force attack on a 5-bit key
Guessing passwords by trial and error
A brute-force attack involves submitting credentials repeatedly in the hope of eventually guessing right. Attackers try every possible password until the correct one is found.
This type of attack accounts for nearly 5% of all data breaches. Attackers don’t need to enter passwords manually. Instead, they write a script or use readily available software that automatically tries different combinations of usernames and passwords until the right one is found.
Brute-force tools are designed to generate huge numbers of guesses per second. Combined with powerful CPUs and GPUs, these automated tools can crack a weak password or short key in a matter of days.
Since longer passcodes have more possible combinations, they are exponentially harder to crack than shorter ones. Today, most symmetric algorithms use 128- or 256-bit keys, which cannot be cracked by brute force.
Example: In 2018, Firefox’s master password system was found to be easily bypassed by brute force, leaving the stored passwords of millions of users vulnerable to malware and attackers. A year later, Firefox shipped an update to fix the weakness.
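Two things a defender takes from this section are how to spot an automated guessing run in an authentication log and how quickly the key space outgrows any guess rate. The block below is an added example, not code from the article: it counts sshd-style "Failed password" lines per source and per username so that sources over a threshold can be throttled or locked out, and it computes the effective key size and worst-case search time so the "exponentially harder" claim can be checked with numbers. The log lines, the threshold of 10 and the guess rates are constructed values.

```python
import math
import re
from collections import Counter

# sshd-style failure line (constructed sample format, not captured from a real host):
# Failed password for invalid user admin from 203.0.113.9 port 4412 ssh2
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def failed_logins(lines):
    """Count failed logins per source IP and per target username."""
    by_ip, by_user = Counter(), Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            by_ip[m.group("ip")] += 1
            by_user[m.group("user")] += 1
    return by_ip, by_user


def sources_to_throttle(lines, threshold=10):
    """Source IPs whose failure count reached the threshold (rate-limit or lockout candidates)."""
    by_ip, _ = failed_logins(lines)
    return sorted(ip for ip, n in by_ip.items() if n >= threshold)


def keyspace_bits(alphabet_size, length):
    """Effective key size in bits of a uniformly random string: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every key at a given guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


# Constructed auth log: one source hammering admin/root, one user with two typos then success.
SAMPLE_AUTH_LOG = (
    [f"Failed password for invalid user admin from 203.0.113.9 port {4400 + i} ssh2" for i in range(9)]
    + [f"Failed password for root from 203.0.113.9 port {4500 + i} ssh2" for i in range(6)]
    + ["Failed password for alice from 198.51.100.4 port 51022 ssh2",
       "Failed password for alice from 198.51.100.4 port 51023 ssh2",
       "Accepted password for alice from 198.51.100.4 port 51024 ssh2"]
)

if __name__ == "__main__":
    print("throttle:", sources_to_throttle(SAMPLE_AUTH_LOG))
    for name, alpha, length in (("5-bit key", 2, 5), ("8 lowercase letters", 26, 8), ("128-bit key", 2, 128)):
        bits = keyspace_bits(alpha, length)
        print(f"{name}: {bits:.1f} bits, {years_to_exhaust(bits, 1e9):.3g} years at 1e9 guesses/s")
```

The per-username counter matters as much as the per-IP one: a slow run spread across many sources shows up as many failures against one account even when no single source crosses the threshold.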
6. Ransomware
CryptoLocker asking for a ransom
Malware that infects devices and demands that users pay a ransom
Ransomware prevents users from accessing their files and demands a fee to restore access. It can infect a computer in several ways; the most common is malicious spam delivered by email, containing deceptive links or attachments.
Basic ransomware locks the device in a way that a skilled person can reverse without much difficulty. More advanced variants encrypt the user’s files, rendering them unusable, and demand a fee to decrypt them. Attackers usually demand payment in hard-to-trace digital currencies such as Bitcoin.
The first ransomware, PC Cyborg, was created in 1989. It encrypted all files in the C directory and then demanded that victims send $189 by mail to renew their license. Over the following decade, different ransomware variants appeared.
However, more sophisticated ransomware did not arrive until 2004, when GpCode encrypted personal data using weak RSA encryption. Since then, such schemes have spread worldwide, with new variants still successfully targeting users.
In the first six months of 2018, there were more than 181 million ransomware attacks. In 2019, the number of new ransomware variants rose by 46%, with 68,000 new ransomware Trojans detected on mobile devices.
Example: Perhaps the best-known example of ransomware is CryptoLocker, which was active between September 2013 and May 2014. It was an encrypting Trojan horse that targeted devices running Microsoft Windows. Its operators successfully extorted nearly $3 million.
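The distinguishing behaviour of encrypting ransomware is that one process rewrites many user files as high-entropy data, usually under a new extension. The block below is an added example, not code from the article, of the heuristic an endpoint monitor can apply to file-activity events: compute the Shannon entropy of what was written and flag a process that does this to more than a few files. The event schema, the process names, the entropy threshold of 7.2 bits per byte and the minimum of 5 files are all assumed, and the events are constructed rather than captured.

```python
import math
import os
import random
from collections import defaultdict


def shannon_entropy(data):
    """Bits of entropy per byte; plaintext documents sit around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data, threshold=7.2):
    return shannon_entropy(data) >= threshold


def detect_mass_encryption(events, min_files=5, threshold=7.2):
    """Flag processes that rewrite many files as high-entropy content under a new extension.

    events: iterable of dicts {"proc": str, "path": str, "new_path": str, "data": bytes},
    the shape a file-activity monitor might emit (assumed schema).
    """
    suspects = defaultdict(list)
    for e in events:
        ext_changed = os.path.splitext(e["new_path"])[1] != os.path.splitext(e["path"])[1]
        if ext_changed and looks_encrypted(e["data"], threshold):
            suspects[e["proc"]].append(e["new_path"])
    return {proc: paths for proc, paths in suspects.items() if len(paths) >= min_files}


def build_sample_events():
    """Constructed file-activity events, not a real capture."""
    rng = random.Random(7)
    pseudo_ciphertext = lambda: bytes(rng.getrandbits(8) for _ in range(2048))
    events = []
    for i in range(8):   # rogue process rewrites report_i.docx as report_i.docx.locked
        events.append({"proc": "svchost32.exe",
                       "path": f"C:/Users/jo/Documents/report_{i}.docx",
                       "new_path": f"C:/Users/jo/Documents/report_{i}.docx.locked",
                       "data": pseudo_ciphertext()})
    for i in range(3):   # legitimate editor saving plaintext in place
        events.append({"proc": "WINWORD.EXE",
                       "path": f"C:/Users/jo/Documents/notes_{i}.txt",
                       "new_path": f"C:/Users/jo/Documents/notes_{i}.txt",
                       "data": b"Quarterly planning notes, draft %d. " % i * 60})
    # a backup tool compressing one archive: high entropy and a new extension, but a single file
    events.append({"proc": "backup.exe", "path": "C:/Backups/2024-03.tar",
                   "new_path": "C:/Backups/2024-03.tar.gz", "data": pseudo_ciphertext()})
    return events


if __name__ == "__main__":
    for proc, paths in detect_mass_encryption(build_sample_events()).items():
        print(f"{proc}: {len(paths)} files rewritten as ciphertext, e.g. {paths[0]}")
```

The minimum-file count is what keeps legitimate compressors and encrypting backup tools out of the alert; lowering it to one surfaces the backup process as well, which shows why the threshold has to be tuned against normal activity.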
5. Phishing
An unlawful attempt to obtain sensitive information
Phishing is a technique for collecting personal information, such as passwords and credit card details, through deceptive websites and emails. It is also carried out via instant messaging and text messages, where an attacker masquerading as a trusted entity dupes the victim into handing over personal details.
Phishing can also be used to deliver malware, by encouraging users to visit a link or download a document that silently installs a malicious script on the device. On a larger scale, it is used to gain a foothold in corporate or government networks.
For instance, in an advanced persistent threat, employees’ data is compromised to bypass security controls, spread malicious programs inside a closed environment, or gain access to private data. Such an intrusion can remain undetected for an extended period.
According to Verizon’s Data Breach Investigations Report, 22% of breaches in 2019 involved phishing. About 88% of organizations worldwide experienced spear-phishing attempts, and 65% of US organizations experienced a successful phishing attack in 2019, nearly 10% higher than the global average.
Example: One of the most consequential phishing attacks occurred in 2016, when attackers compromised the Gmail account of Hillary Clinton’s campaign chairman, John Podesta. Within hours of the US election results, Russian hackers sent phishing emails from spoofed Harvard University addresses to spread fake news.
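Masquerading as a trusted entity, as described above, usually shows up in the From header as a lookalike domain, a trusted domain buried inside an unrelated one, or a brand name in the display name with a foreign sending domain. The following is an added example (not code from the article) of the sender checks a mail gateway or triage script can apply before a message reaches an inbox: a Levenshtein distance against the organisation’s trusted domains plus the two structural checks. The trusted domain set, the headers and the distance limit of 2 are constructed assumptions.

```python
# Lookalike-domain and display-name checks for inbound mail (defender-side triage).

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    return address.rsplit("@", 1)[-1].strip().lower()


def classify_sender(display_name, from_address, trusted_domains, max_distance=2):
    """Classify a From header against the domains the organisation trusts.

    Returns a short verdict; anything other than "trusted" or "unknown"
    is a reason to hold the message for review.
    """
    domain = sender_domain(from_address)
    if domain in trusted_domains or any(domain.endswith("." + t) for t in trusted_domains):
        return "trusted"
    name = display_name.lower()
    for t in trusted_domains:
        if t in domain:                                  # e.g. example.com.evil.net
            return f"trusted domain {t} embedded in unrelated domain"
        if edit_distance(domain, t) <= max_distance:     # e.g. examp1e.com
            return f"lookalike of {t}"
        brand = t.split(".")[0]
        if brand in name:                                # brand in display name, foreign domain
            return f"brand '{brand}' in display name but domain is {domain}"
    return "unknown"


def held_messages(headers, trusted_domains):
    """Addresses whose verdict is neither trusted nor unknown."""
    return [addr for name, addr in headers
            if classify_sender(name, addr, trusted_domains) not in ("trusted", "unknown")]


# Constructed headers (display name, address); example.com is the assumed trusted domain.
TRUSTED = {"example.com"}
SAMPLE_HEADERS = [
    ("Alice Example", "alice@example.com"),
    ("HR Portal", "hr@hr.example.com"),
    ("IT Helpdesk", "helpdesk@examp1e.com"),
    ("Example Security Team", "alerts@mail-notify.net"),
    ("Payroll", "login@example.com.evil.net"),
    ("Bob", "bob@partner.org"),
]

if __name__ == "__main__":
    for name, addr in SAMPLE_HEADERS:
        print(f"{addr:30} {classify_sender(name, addr, TRUSTED)}")
```

These checks only look at the visible From header; a deployed gateway would combine them with SPF, DKIM and DMARC results, since a spoofed address that passes none of those is the clearer signal.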
4. Computer Worm
Blaster worm displaying a message
Standalone, self-replicating malware
A computer worm spreads copies of itself from device to device. It replicates without any user interaction and attaches itself to software to cause damage.
While most worms enter devices through attachments in spam emails or instant messages, they can also spread through software vulnerabilities. Once such an attachment is opened or installed, the worm works silently in the background, infecting system files.
Worms can inject malicious scripts and modify or delete existing files. Some are designed to exhaust system resources such as memory or bandwidth, which they do by making copies of themselves and overloading the shared network.
Worms can also exploit weaknesses in the operating system, application security, or network configuration to copy themselves onto any accessible disk and spread those copies across public networks.
Example: The first computer worm with real-world impact was written by Robert Morris in 1988. Named after its author, the Morris Worm caused denial of service on about 10% of the 60,000 machines connected to ARPANET. In 2003, another worm, Blaster, launched DDoS attacks against Microsoft’s own servers, infecting as many as 2 billion devices.
3. Keylogger
Records keys struck on a keyboard without the user’s knowledge
Keystroke logging tools are one of the oldest forms of malware, with roots going back to typewriters. They are still used as part of larger cyber attacks. At its most basic, a keylogger records the keystrokes typed on a computer.
Although it is simple software, attackers can use it as a potent tool to steal users’ data and the sensitive information they type on a keyboard, giving them access to email addresses, passwords, account numbers, PIN codes, and other confidential information.
Hardware keyloggers can be plugged inline between a keyboard and a computer or installed as BIOS-level firmware. Software keyloggers can be delivered through web page scripts or attachments in phishing mail; they install automatically when a user visits a malicious site or opens a suspicious email attachment.
Example: In 2000, the FBI used a keylogger to catch two Russian cybercriminals. The keylogger was covertly installed on a machine, which the FBI then used to access the suspects’ computers in Russia and obtain enough evidence to prosecute them. In 2018, Google removed 145 apps from the Play Store that contained keylogging malware.
2. Human Error
Employees occasionally make mistakes that lead to major data breaches
Humans are often the weakest link in data breach defenses. For instance, IT teams may accidentally expose customers’ personal information by misconfiguring servers, or employees may forward a company report to an outsider in a bulk email.
According to a study by the UK Information Commissioner’s Office (ICO), human error caused 90% of cyber data breaches in 2019.
CybSafe, a cloud-based cybersecurity awareness platform, reported that 9 out of 10 of the 2,376 breaches reported to the ICO in 2019 were caused by end-user mistakes. This is 61% and 87% up from the previous two years.
Example: In 2017, the SSL certificate LinkedIn used for its country subdomains expired. While this did not affect www.linkedin.com, it did invalidate us.linkedin.com and a few other subdomains, and as a result millions of users could not access LinkedIn for several hours.
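The misconfigured-server case mentioned above is most often a storage bucket or object policy that grants access to everyone. The block below is an added example, not code from the article, of a small linter for IAM-style policy documents (the Version/Statement/Effect/Principal/Action/Resource shape): it reports Allow statements whose principal is the wildcard, and separates the ones with no Condition at all (plainly public) from the ones a Condition restricts (worth a manual look). The three policies are constructed, and the account id and VPC endpoint id in them are placeholders.

```python
import json


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _principal_is_public(principal):
    """True for Principal "*" or any {"AWS": "*"}-style wildcard entry."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for v in principal.values() for p in _as_list(v))
    return False


def public_statements(policy_json):
    """Return (Sid or index, verdict) for every Allow statement open to a wildcard principal.

    Statements carrying a Condition are still reported, but marked for review rather
    than as public, because a condition may or may not actually narrow the audience.
    """
    policy = json.loads(policy_json)
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        if not _principal_is_public(st.get("Principal", {})):
            continue
        sid = st.get("Sid", f"statement[{i}]")
        if "Condition" in st:
            findings.append((sid, "public principal restricted by Condition: review"))
        else:
            findings.append((sid, "public"))
    return findings


# Constructed policies; 123456789012 and vpce-PLACEHOLDER are placeholders, not real ids.
LEAKY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-exports/*"}]})

SAFE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReaderRoleOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExportReader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-exports/*"},
    {"Sid": "DenyEveryoneElse", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::customer-exports/*"}]})

VPC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-exports/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}}}]})

if __name__ == "__main__":
    for label, doc in (("leaky", LEAKY_POLICY), ("safe", SAFE_POLICY), ("vpc", VPC_POLICY)):
        print(label, public_statements(doc) or "no public statements")
```

A check like this belongs in the deployment pipeline rather than in an after-the-fact audit, so that the wildcard never reaches production in the first place.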
1. Improper Disposal or Irresponsible Resale
Many organizations don’t destroy outdated hardware properly
Organizations, particularly small ones, often do not keep data security in mind when upgrading hardware and infrastructure. The end of the hardware lifecycle is a crucial part of responsible storage management.
Not all data breaches are caused by hacking. Some result from improper disposal and irresponsible resale. To keep confidential data secure, companies must properly decommission storage media or physically destroy the hardware.
The National Institute of Standards and Technology has published guidelines for media sanitization and data disposal. They note that software-based methods, such as purge-level sanitization, cannot completely eliminate data from all storage regions on the media.
Example: In 2017, desktops from a government office in the City of Houston were sold at an online auction. An investigation found that 23 of the 38 computers still had hard drives full of private information.
That same year, a ShopRite pharmacy in New Jersey discovered that an electronic device had been disposed of without its storage being wiped. It contained the personal information of 10,000 patients, including names, dates of birth, signatures, phone numbers, and medical prescriptions.
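Whatever sanitization method is chosen, the step that would have caught both cases above is verification: reading the media back before it leaves the building. The following is an added example, not code from the article, of that read-back check on a raw disk image: it reports every block that does not contain the expected fill pattern and runs a simple printable-string scan over whatever survived, which is exactly the kind of residue a buyer of a resold drive would find. The images are constructed in memory (one wiped, one where the wipe missed a block) and the block size and fill pattern are assumed.

```python
import re


def find_strings(data, min_len=8):
    """Printable ASCII runs of at least min_len bytes, the classic 'strings' check."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def verify_sanitized(image, block_size=512, expected_fill=b"\x00"):
    """Read a disk image block by block and report whatever survived the wipe.

    A properly cleared or purged device reads back as the fill pattern everywhere;
    any other block is evidence that sanitization did not cover the whole media.
    """
    total = (len(image) + block_size - 1) // block_size
    dirty_blocks = []
    for i in range(total):
        block = image[i * block_size:(i + 1) * block_size]
        if block != expected_fill * len(block):
            dirty_blocks.append(i)
    return {
        "blocks": total,
        "dirty_blocks": dirty_blocks,
        "clean": not dirty_blocks,
        "strings": find_strings(image) if dirty_blocks else [],
    }


def build_sample_images():
    """Constructed images (not real drives): one wiped, one where the wipe missed block 9."""
    wiped = bytes(16 * 512)
    missed = bytearray(wiped)
    record = b"PATIENT: Jane Doe; DOB: 1970-01-01; RX: constructed sample"
    missed[9 * 512:9 * 512 + len(record)] = record
    return wiped, bytes(missed)


if __name__ == "__main__":
    for label, image in zip(("wiped", "missed"), build_sample_images()):
        report = verify_sanitized(image)
        status = "clean" if report["clean"] else f"dirty blocks {report['dirty_blocks']}"
        print(f"{label}: {report['blocks']} blocks, {status}, strings={report['strings']}")
```

On a real device the image would be read from the block device after the wipe; a drive that fails this check goes back for another pass or to physical destruction, never to resale.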