Data Manipulation Attacks Difficult To Detect But Preventable
By Tim Bandos, VP of Cybersecurity, Digital Guardian
Conventional wisdom says that once an attacker is in the system, moving laterally from network to
network, the damage is already done. The adversary has found a way in and more than likely identified
the data they’re after. They simply need to exfiltrate it—the last step of the kill chain―to land the final
blow.
In some scenarios, however, it’s what the attacker doesn’t do that could have a more devastating
outcome on the enterprise.
Data manipulation attacks—attacks in which adversaries don’t take data but instead make subtle, stealthy
tweaks to data usually to elicit some type of gain―can be just as, if not more crippling for organizations
than theft. The ability of attackers to manipulate and shift data around is a real threat, one that could
cause widespread financial and even physical harm, if done successfully.
Consider the stock market. Hypothetically speaking, if an attacker were to successfully breach the IT
systems and databases responsible for updating a stock ticker symbol and manipulate data to show a
billion-dollar tech giant like Apple, Microsoft, Google, or Amazon taking a nose dive, it would cause