Why do data breaches occur?
Anti-malware software maker Malwarebytes argues that “a data breach isn’t a threat or attack in its own right and instead comes as a result of a cyberattack that allows hackers to gain unauthorized access to a computer system or network and steal its data”.[4] As more content is digitized and the cloud continues to grow, data breaches will continue to occur.
Targeted data breaches typically occur for the following reasons:
Exploiting system vulnerabilities
Hackers exploit vulnerabilities in software or systems to gain unauthorized access to a computer or network and its data. Such vulnerabilities are commonly found in operating systems, web browsers, and a wide variety of applications.
Hidden within a system’s code, these vulnerabilities are sought out by hackers as well as by cybersecurity experts and researchers. For example, older operating systems can, unfortunately, contain built-in vulnerabilities that today’s hackers can easily exploit to access a computer’s data.
While hackers want to use the exploits for their own malicious gain, security researchers want to understand the exploits and how they can be patched or otherwise mitigated to prevent data breaches and improve cybersecurity.
To make their dubious work easier, some cybercriminal groups package different exploits into automated kits. These kits allow criminals with little technical knowledge to take advantage of exploits.
Weak passwords
As its name implies, a weak password is a password that is easy for humans or computers to guess. These passwords often contain the name of the user’s spouse, children, pets or address, since they’re easy for the user to remember. They may also use only lowercase letters, or generally fail to include capital letters or symbols.
Weak passwords are easy for hackers to guess, whether by brute-force attacks or by spidering (harvesting words associated with the user or organization) to work out a user’s password. Also, never leave your password written down on your desk, and be aware of anyone who may be “shoulder surfing” while you enter a password.
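The criteria above (personal names, no capitals, no symbols, easy to guess) can be turned into a simple policy check at account creation or password change. The following is an added example, not code from the original article; the 12-character minimum, the tiny list of common passwords and the `personal_terms` parameter are assumptions made for illustration, not values stated in the text.

```python
import re

# Constructed list of very common passwords; a real deployment would use a
# large breached-password list, this is only illustrative.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

# Assumed policy minimum; the article gives no number.
MIN_LENGTH = 12


def password_weaknesses(password: str, personal_terms=()) -> list[str]:
    """Return the weak-password criteria that `password` fails.

    `personal_terms` holds words an attacker could easily learn about the
    user (spouse, children, pets, street name); any of them appearing in the
    password, case-insensitively, counts as a weakness.
    An empty list means none of the checks fired.
    """
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if password == lowered:
        problems.append("no uppercase letters")
    if not re.search(r"\d", password):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")
    for term in personal_terms:
        # Ignore very short terms so a two-letter name does not match noise.
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample: pet name plus a year, exactly the pattern the text warns about.
    for candidate in ("fluffy2015", "Tr0ub4dor&3-Quartz!"):
        print(candidate, "->", password_weaknesses(candidate, ["Fluffy"]) or "ok")
```

The function returns the list of failed criteria rather than a yes/no answer so the caller can show the user which rule was violated.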
SQL injection attack
Structured query language (SQL) injection attacks exploit weaknesses in the way an unsecured website or application builds the queries it sends to its SQL database. To execute a SQL injection attack, a hacker embeds malicious SQL in input to a vulnerable site or application, then pivots to the backend database.
For example, a hacker alters the query a retailer’s website sends to its database so that when they perform a search for “best-selling headphones,” instead of yielding results for great headphones, the retailer’s website provides the hacker with a list of customers and their credit card information.
SQL injection is a relatively unsophisticated type of cyberattack; it can be performed using automated programs similar to the exploit kits described above.
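The retailer scenario above maps directly onto code. The following is an added example written for this page, not code from the original article: a search function that concatenates user input into the SQL text, next to the same function using a bound parameter, run against a constructed in-memory SQLite database with a `products` table and a `customers` table. The table and column names are assumptions made for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a retailer's backend database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        CREATE TABLE customers (id INTEGER, name TEXT, card TEXT);
        INSERT INTO products VALUES (1, 'best-selling headphones'), (2, 'budget earbuds');
        INSERT INTO customers VALUES (1, 'Alice', '4111-XXXX'), (2, 'Bob', '5500-XXXX');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[str]:
    # Vulnerable: the search term is pasted into the SQL text, so the database
    # parses whatever the user typed as part of the query, not as data.
    sql = f"SELECT name FROM products WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, term: str) -> list[str]:
    # Hardened: the '?' placeholder binds the term as a parameter. The engine
    # compiles the query first and only then substitutes the value, so quotes
    # or keywords inside the term can never change the query's structure.
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


# A search term that closes the string literal and appends a second SELECT;
# this is the "search becomes a customer list" behaviour the text describes.
INJECTED_TERM = "nothing%' UNION SELECT name || ':' || card FROM customers --"


if __name__ == "__main__":
    db = build_db()
    print("normal search, vulnerable:", search_vulnerable(db, "headphones"))
    print("normal search, safe:      ", search_safe(db, "headphones"))
    print("injected term, vulnerable:", search_vulnerable(db, INJECTED_TERM))
    print("injected term, safe:      ", search_safe(db, INJECTED_TERM))
```

With a normal term both functions return the same product. With the crafted term the concatenating version returns the customer table, while the parameterized version simply finds no product whose name contains that literal string. Parameterized queries (prepared statements) are the primary defense; input validation and least-privilege database accounts reduce the impact if a query is still built by hand somewhere.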
Spyware
Spyware is malware that infects your computer or network to “spy” on you and otherwise gather information about you, your computer, and what websites you visit.
Victims are often infected by spyware after downloading or installing something that seems benign, only to find spyware bundled with it. You can also get spyware by clicking on a malicious link, or as a secondary infection delivered by other malware.
A common route for that secondary infection is a Trojan like Emotet. As reported on the Malwarebytes Labs blog, Emotet, TrickBot, and other banking Trojans have found new life as delivery tools for spyware and other types of malware.
Once your computer is infected, the spyware collects information about you and forwards it to a remote location, such as the command and control (C&C) servers run by the cybercriminals or a similar repository where they can access it.
Phishing
Phishing attacks usually use social engineering to turn their victims’ emotions against logic and reasoning and get them to share sensitive information. They are often carried out with spoofed emails or cloned websites, which work in much the same way.
Attackers employing phishing and spam email tactics will trick users into doing the following:
- Revealing their user and password credentials
- Downloading malicious attachments
- Visiting malicious websites
For example, you could get an email that looks like it’s from your credit card company, asking you to verify made-up charges to your account, and prompting you to log in using a link to a fake version of the credit card site. Unsuspecting victims attempt to log in to the fake site using their real usernames and passwords. Once hackers have that information, they can log in to and access your credit card account, and use it for identity theft and similar cybercrime.
Drive-by downloads
Drive-by downloads are cyber attacks that install spyware, adware, malware, and similar software onto a user’s computer without the user’s authorization. They take advantage of exploits and security flaws in browsers, applications, and operating systems.
This cyber attack doesn’t necessarily need to trick the user into enabling it. Unlike phishing and spoofing attacks, where the user has to click a malicious link or open a malicious attachment, a drive-by download is triggered simply by visiting a compromised or malicious web page, with no action or permission from the user.
Broken or misconfigured access controls
If a website administrator isn’t careful, the administrator could set up access controls that leave parts of a system that are meant to be private accessible to the public. This misstep could be something as careless as neglecting to set certain backend folders that contain sensitive data to private. General users tend to remain unaware of broken or misconfigured access controls. However, hackers who perform specific Google searches can locate these folders and access them. A good comparison is a burglar entering a house through an unlocked window, as opposed to breaking in through a locked door.
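The “unlocked window” is usually found by routinely auditing permissions rather than by waiting for someone else to find it. The following is an added example, not code from the original article: it approximates the misconfigured-folder problem with filesystem permission bits, walking a backend directory tree and reporting every file or folder that is readable by “other” users. The directory layout it builds is constructed for the example, and treating the POSIX “other” read bit as the equivalent of “public” is an assumption made to keep the check self-contained; a real audit would also cover the web server’s own access rules.

```python
import os
import stat
import tempfile


def is_world_readable(mode: int) -> bool:
    """True if the POSIX 'other' read bit is set on this mode value."""
    return bool(mode & stat.S_IROTH)


def find_world_readable(root: str) -> list[str]:
    """Return root-relative paths of every file or directory under `root`
    that any local user could read. Sorted for stable reporting."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            # lstat so a symlink's own bits are checked, not its target's.
            if is_world_readable(os.lstat(path).st_mode):
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def make_sample_tree() -> str:
    """Constructed backend tree: one folder left public by mistake, one private."""
    root = tempfile.mkdtemp(prefix="backend-")

    exports = os.path.join(root, "customer-exports")
    os.makedirs(exports, mode=0o755)            # forgot to restrict this folder
    with open(os.path.join(exports, "orders.csv"), "w") as f:
        f.write("order_id,customer,card\n1,Alice,4111-XXXX\n")  # constructed
    os.chmod(os.path.join(exports, "orders.csv"), 0o644)
    os.chmod(exports, 0o755)

    config = os.path.join(root, "config")
    os.makedirs(config, mode=0o700)             # correctly private
    with open(os.path.join(config, "db.ini"), "w") as f:
        f.write("[db]\npassword=placeholder\n")  # constructed
    os.chmod(os.path.join(config, "db.ini"), 0o600)
    os.chmod(config, 0o700)
    return root


if __name__ == "__main__":
    tree = make_sample_tree()
    for item in find_world_readable(tree):
        print("world-readable:", item)
```

The checks use explicit `chmod` calls rather than relying on the process umask so the sample produces the same result on any POSIX system; in a real audit the script would be pointed at the live document root and its output compared against the list of paths that are meant to be public.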
Benevolent hackers and data breaches
A data breach, similar to most types of cyber thefts, involves hackers attempting to gain unauthorized access to your computer or network and steal your private information. However, there are some instances where this theft is performed with benevolent intentions.
Like many cybersecurity researchers, “white hat” hackers and other benevolent hackers attempt to break into your computer or network to discover exploits and vulnerabilities, and then report them so that a fix can be created.
For example, after nine months of reverse-engineering work, an academic hacker team from KU Leuven University in Belgium published a paper in September 2018 revealing how it defeated the encryption protecting the Tesla Model S key fob and used that weakness to clone the fob.[5] The team’s work helped Tesla create new cybersecurity technology for its vehicles that remedied the flaw the KU Leuven team had discovered.