informa
Announcements
Event
How to Launch a Threat Hunting Program | Webinar <REGISTER>
Event
How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint | Webinar <REGISTER>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext
Database Security
2 MIN READ
Commentary

Why Database Monitoring?

Hoping other people detect your breach before you lose millions is not a good strategy
Adrian Lane
Contributor
May 17, 2013
Why should you monitor database activity? This is why! Hackers stole $45 million from ATMs -- a theft made possible by breaching several bank databases and make simple alterations that allowed thieves to siphon of cash.

Do you understand how hard it is to take $45 million from ATM machines in $2,000 increments? Do you realize that's more than 20,000 withdrawals? What's more troubling is this was the second attack. The first, committed several months before, successfully netted $5 million. Police caught up with some of the attackers on the second attack only after they had managed to steal another $40 million, but not by being nabbed at ATMs or tracked back to the source. Rather, one of the "money mules" got greedy, killed one of the ringleaders, and police stumbled on the theft ring as part of a murder investigation.

The sad thing is that the easiest point of detection should have been through the database. The entire attack is predicated on breaching the database of ATM/gift cards, finding the card numbers, and altering the withdrawal limits of those cards. For you database experts out there, you know that this takes about three or four SQL statements to do. It's also a dead simple attack to detect, and one of the types of attacks that database activity monitoring systems were designed for.

The simplest way to stop the thieves would have been to detect the alterations and then lock the card numbers or limits so they could not be used. Or they could have detected the attack and then coordinated with law enforcement to catch the thieves as they started taking out money. They would have had lots of opportunities to catch them -- about 20,000 or so.

And if you read the Verizon Data Breach Report, you noticed that 69 percent of the breaches were not detected by the company; rather, they were detected by outsiders. So what sounds easier, faster, and cheaper? Hoping someone outside of your company detects the data breach for you before $45 million is stolen, or detecting the first phase of the attack while it happens?

Sure, this is one of the more costly attacks in the past decade, but the point should be clear: Monitor databases that hold financial information!

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading.

Risk
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
Top macOS Malware Threats: Here Are 6 to Watch
Jai Vijayan, Contributing Writer, Dark Reading
Dark Reading Launches Inaugural CISO Advisory Board
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading
Meet Charlotte, CrowdStrike's New Generative AI Assistant
Dark Reading Staff, Dark Reading
'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
Tara Seals, Managing Editor, News, Dark Reading
Webinars
More Webinars
Reports
More Reports
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports