Dark Reading is part of the Informa Tech Division of Informa PLC



08:00 AM
John Moynihan

Data Manipulation: An Imminent Threat

Critical industries are largely unprepared for a potential wave of destructive attacks.

An approaching cyber storm—one capable of unleashing unprecedented chaos—is looming on the horizon of the United States’ public and private sectors. Although experts warn that attackers are poised to launch sophisticated campaigns designed to manipulate financial, healthcare, and government data beyond recognition, our critical industries remain largely unprepared for these potentially destructive attacks.

To date, those capable of conducting malicious cyber operations have been intent upon stealing personal, health, education, and financial information and pilfering the precious intellectual property of leading defense, technology, and manufacturing corporations. Their motive: to spread chaos. At separate events in August, I listened as General Gregory Touhill, just named by the White House as the first federal chief information security officer, and Theresa Payton, a former White House CIO, cautioned that data manipulation attacks are coming. Assuredly, the cyber threat landscape is about to shift dramatically.

The following represents a simplified example of what a data manipulation attack might look like and the widespread disruption that could ensue.

Through the deployment of a stolen privileged user password, customized malware, or other form of cyber weaponry, an adversary is able to penetrate the network perimeter of a major financial institution. Because most organizations lack proper network segmentation, the hackers immediately proceed to the organization’s digital treasure chest: the customer database. Soon thereafter, the undetected visitors gain access to a database that houses the intricate details of 3 million mutual fund accounts.

Once inside the database, the electronic invaders begin to systematically alter the repository’s tables, resulting in cascading revisions to the numeric values of each account. The systematic manipulation is performed over a three-month period, coinciding with the issuance of quarterly statements, so that most customers won’t notice the problem until the attack is over and the culprits long gone. Further, given that the manipulation doesn’t occur on any specific date but is conducted over several weeks, correcting the problem through a single system restore is impossible. The remediation process will require extensive and manual recalculation, verification, and testing.

Eventually, customers realize that the institution to which they’ve entrusted their financial futures has been hacked and their 401(k) accounts compromised. Regardless of the bank’s assurances that all funds are secure, customers panic when they’re told that it may take several months to determine the actual balance of their accounts and that all withdrawals may be suspended until the process is completed.

Consider the impact of similar data manipulation campaigns, conducted simultaneously, throughout the healthcare, government, manufacturing, and telecommunications sectors. Widespread chaos would be an understatement.

Who's Watching?
To those who assume that critical databases are well protected from this form of malice, the findings contained within a recent Osterman Research survey suggest otherwise. The research, which surveyed approximately 200 organizations with an average workforce of 22,000, reveals an astonishing lack of database oversight. Among the report’s most glaring statistics, 47% of respondents acknowledged that no individual or functional group is responsible for monitoring databases for unauthorized activity.

In other words, although many organizations maintain your personal information within databases, nearly half admit that they’re incapable of detecting unauthorized data access. This inexcusable situation exposes the personal information of many Americans to the imminent risk of theft and manipulation.

Although adopting a structured database security program is not an insurmountable task, it’s one that requires ongoing resource commitment and the support of executive management. Twenty years ago, at the direction of a forward-thinking senior manager, I implemented a public sector database security program. Without the benefit of the advanced solutions currently available, an innovative group of technology professionals and information security auditors developed an ongoing process to detect unauthorized database activity in a timely fashion. Throughout the 10 years that I managed this program, several unauthorized accesses were quickly identified and disrupted through this continuous monitoring process. If we could monitor databases for malicious activity back then, surely most can do so now.
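As an added illustration (not part of the original article), the sketch below shows one form such continuous monitoring can take for the mutual fund scenario above: each stored balance snapshot is reconciled against an independent transaction ledger, and the first divergent day is recorded per account. The table names, account IDs and figures are constructed, and it assumes the ledger is kept where the intruder cannot alter it.

```python
import sqlite3

# Constructed sample data (hypothetical accounts, amounts in cents).
# LEDGER: append-only transactions, assumed out of the intruder's reach.
LEDGER = [
    ("A-100", "2016-07-01", 500000), ("A-100", "2016-07-15", 25000),
    ("A-200", "2016-07-01", 120000), ("A-200", "2016-08-01", -20000),
    ("A-300", "2016-07-01", 90000),
]
# SNAPSHOTS: month-end balances as stored in the customer database.
SNAPSHOTS = [
    ("A-100", "2016-07-31", 525000), ("A-100", "2016-08-31", 525000),
    ("A-100", "2016-09-30", 519750),            # altered in September
    ("A-200", "2016-07-31", 120000),
    ("A-200", "2016-08-31", 101000),            # altered in August
    ("A-200", "2016-09-30", 102300),            # altered again
    ("A-300", "2016-07-31", 90000), ("A-300", "2016-08-31", 90000),
    ("A-300", "2016-09-30", 90000),             # untouched
]

def build_db():
    """Load the constructed sample into an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ledger(account TEXT, day TEXT, cents INTEGER)")
    db.execute("CREATE TABLE snapshot(account TEXT, day TEXT, cents INTEGER)")
    db.executemany("INSERT INTO ledger VALUES (?,?,?)", LEDGER)
    db.executemany("INSERT INTO snapshot VALUES (?,?,?)", SNAPSHOTS)
    return db

def find_drift(db):
    """Return {account: (first_bad_day, last_good_day, latest_drift_cents)}."""
    rows = db.execute("""
        SELECT s.account, s.day, s.cents,
               COALESCE((SELECT SUM(l.cents) FROM ledger l
                         WHERE l.account = s.account AND l.day <= s.day), 0)
        FROM snapshot s ORDER BY s.account, s.day""").fetchall()
    report, last_good = {}, {}
    for account, day, stored, expected in rows:
        if stored != expected:
            # Keep the first divergent day; update drift to the latest value.
            first = report.get(account, (day,))[0]
            report[account] = (first, last_good.get(account), stored - expected)
        elif account not in report:
            last_good[account] = day   # latest snapshot known to reconcile
    return report

if __name__ == "__main__":
    for acct, (bad, good, drift) in sorted(find_drift(build_db()).items()):
        print(f"{acct}: first bad {bad}, last good {good}, drift {drift} cents")
```

In the sample, the two altered accounts diverge on different days, so no single restore point repairs both, which is the remediation problem the scenario describes.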

The threat of a coordinated data manipulation campaign is a reality that has the potential to overwhelm critical industries and disrupt the economic and social fabric of the United States. Unfortunately, many organizations have yet to implement the basic safeguards necessary to swiftly detect this type of electronic attack and therefore remain totally unprepared to prevent the consequences. It’s time for those who maintain our most confidential data to take the steps necessary to protect against this emerging threat by deploying more robust detection measures and implementing an ongoing monitoring program.


John Moynihan, CGEIT, CRISC, is President of Minuteman Governance, a Massachusetts cybersecurity consultancy that provides services to public and private sector clients throughout the United States. Prior to founding this firm, he was CISO at the Massachusetts Department of ...

User Rank: Ninja
11/16/2016 | 9:32:08 AM
Cyber security
More of the attacks are coming our way and we are here as ordinary cyber users doing nothing. It is high time to take up the issue and secure our connection from being tracked by deploying a reliable VPN server like PureVPN, which offers great services at minimal costs. They have encrypted online connections which is good for security.
User Rank: Apprentice
9/13/2016 | 10:13:40 AM
The same will hit Internet of Things.
There is a big misconception about securing IoT systems: "who is interested in the data of this sensor?", for instance a temperature. Probably only the owner of the sensor. But this might not be the right question to ask. It should also include "can I trust that data?", especially if the temperature is measured to control something else automatically. Manipulating the temperature can destroy a steel mill furnace, or a shipment of deep-frozen fish. Just knowing that someone can take over your sensor also leaves you open to extortion schemes; "we want $$$ to NOT destroy your shipment, or plant".

Internet banking is built on trusting the user, the online bank and the transaction. An Internet of Things connected world requires the same level of trust to work.
Olaf Barheine
User Rank: Apprentice
9/12/2016 | 10:28:37 AM
What I do not understand...
It is everywhere the same, not only in the US. But I always wonder, what could be the reasons that companies are so unprepared? Is it because of the costs for security? Is it a lack of know-how? Do they still underestimate the threat of cyber attacks? Or what is it? I mean, the press is full of reports about successful cyber attacks. So everybody should know about the risks and take it seriously.