June 24, 2020 By Cypress Data Defense In Technical
Who likes people messing with their stuff? We’ve learned (or known) since we were toddlers that what is ours is OURS, and we don’t want people messing with OUR stuff. The same is true for our organization’s data. Don’t let attackers mess with it!
One of the most critical assets of an organization is its data, and preventing that data from being tampered with is among the top priorities of businesses. Cyberattacks have increased substantially every year. While organizations are addressing these security concerns, data authenticity continues to be one of the most critical factors when it comes to cybersecurity. Thus, companies are now finding ways to prevent data tampering and enforce better security in their organizations.

Before we dive into the best ways for data tampering prevention, let’s take a look at how it affects your organization and why you should be concerned about it.

What Are the Risks of Data Tampering?

According to the National Health Service (NHS), they lost $100 million to the WannaCry ransomware attack. What’s more disturbing is that cyberattacks such as ransomware often involve some kind of data tampering. Attackers insert malicious files that change the configuration of a network or system, modify user credentials to gain access to sensitive data, or tamper with log files.

Imagine if an attacker infiltrated your company’s network, modified your customers’ data, and then tampered with the log files to cover their tracks. How long would it be before you realized you had become a victim of data tampering? Would you be able to trace the attack back to the attacker or secure your customers’ data?

Attackers are increasingly using ransomware, a type of malware attack during which hackers encrypt an organization’s data or system and demand a ransom to release the decryption keys. According to Coveware, the average ransom demand increased to $84,116 in the last quarter of 2019. While it is advised that companies do not pay ransom to attackers, such attacks can often leverage a company’s sensitive data and may threaten its entire business all at once.

Data tampering can have far-reaching, severe consequences for an organization. Two of the most important steps to contain the damage from data tampering are to quickly detect that your data has been modified or tampered with, and to maintain good backups of your data that are separated from your core data (so they cannot be tampered with).

Clearly, it is imperative that businesses stay vigilant to protect their data from tampering attacks. Let’s check out what you can do for data tampering prevention.

How Can You Prevent Data Tampering?

As businesses handle large volumes of data on a regular basis, prevention against data tampering has become necessary. Here are 5 effective ways you can use for data tampering prevention:

1. Enforce Encryption for Data-at-Rest and Data-in-Transit

Unprotected data, whether at rest or in transit, leaves organizations vulnerable to data tampering and other cyberattacks. One of the most effective ways to protect data-at-rest and data-in-transit is encryption. Simply put, data encryption is the process of translating data from one form into another that unauthorized users cannot decrypt.

How can data encryption prevent data tampering attacks? For example, if you store your customers’ credit card details in a database, then by encrypting data-at-rest you are essentially converting your customers’ sensitive data into an encrypted format that cannot be decoded or read without a decryption key. While attackers may be able to tamper with the encrypted data, they cannot tamper with it in a meaningful way. For example, they cannot change a transfer from Steve -> Joe to Steve -> Attacker.

To protect data-at-rest, you can simply encrypt sensitive data prior to storing it or encrypt the storage drive itself. For encrypting data in transit, you can use encrypted connections such as SSL, TLS, HTTPS, FTPS, etc.

To further strengthen your data encryption, assign role-based controls to ensure only authorized users have access to the encrypted data. Additionally, you can implement multi-factor authentication to increase security.

2. Copy-on-Write File Systems

Copy-on-write, often referred to as COW, is a concept used to maintain instant snapshots on database servers. It can also help with data tampering prevention. Each time a database is modified, delta snapshots are taken. Security teams can detect data tampering by monitoring snapshots and checking for unexpected file system snapshots.

Many database applications and operating systems (such as Linux, Unix) come with a built-in snapshot feature. This makes it easy for enterprises to integrate COW or any other similar technology and stay updated about their database modifications.

COW also helps protect data against potential cyberattacks such as ransomware-based encryption attacks. Thus, it becomes easier to restore the file system to a pre-attack state with data in its original state, retrieve lost data, and eliminate any downtime.

3. Data Integrity using HMACs

Hash-based message authentication code (HMAC) is a type of message authentication code (MAC) that consists of a cryptographic hash function and a secret cryptographic key. Basically, an HMAC is a way of signing a message/file so that if the data is tampered with, it is very easy to detect, and then you know not to trust the tampered data.

How does HMAC work for data tampering prevention? When two or more parties exchange data through secure file transfer protocols, the data is accompanied by HMACs instead of just plain hashes. This technology consists of a shared secret key and a hash function. A hash is computed over the message in combination with the shared key, which in effect signs the message.

A shared secret key helps the exchanging parties ensure the authenticity of the data. This provides a way to verify whether the data and HMAC they receive really are from the authorized, expected sender and that the message has not been altered.

4. File Integrity Monitoring (FIM)

File integrity monitoring is a powerful security technique to secure business data and IT infrastructure against both known and unknown threats. FIM is the process of monitoring files to check if any changes have been made.

How does this technology help with data tampering prevention? It assesses system files and generates a cryptographic checksum as a baseline. Then, the FIM repeatedly recalculates the checksum of the same resources, compares it to the baseline, and if it detects changes, it generates a security alert. FIM systems typically monitor user credentials, privileges, identities, operating systems, configuration files, application files, and encryption key stores.

FIM systems are resource-intensive, especially when dealing with large amounts of data and with files that change frequently. That said, it’s crucial to monitor the files that are more vulnerable to cyberattacks or are confidential, so that you invest your resources efficiently.

5. WORM systems (Write Once Read Many)

Write once read many (WORM) systems refer to a storage technology where data, once written, cannot be overwritten or modified. This technology has long been used for archival purposes by large enterprises and government agencies.

WORM systems offer a long-term storage strategy that ensures users cannot accidentally or intentionally erase or modify data. This technology provides virtual protection against erasure of data.

Compromising data on WORM systems is difficult at best, but still possible if an expert with a high degree of technical knowledge has unrestricted access to the deepest levels of the operating system and gains access to the WORM drives. To ensure your WORM systems are well-protected, implement user access controls such as least privilege models that give users access to only what they need in order to perform their jobs.

Takeaways

Data tampering is an emerging cybersecurity issue that could be devastating for an organization. While the impact of data tampering varies depending on the business value of the data compromised, it is more likely to cause severe damage to enterprises.

Data tampering prevention can include simple security measures such as the encryption of data, and can extend to measures such as using file integrity monitoring (FIM) systems for better security. Ultimately, which solution works best for you to secure your data against potential threats depends on your organizational needs.

We can help you run security audits to ensure that your organization is secure from data tampering attacks and help you implement a sound, robust security model.
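The HMAC check described under "3. Data Integrity using HMACs", shown as an added example that is not code from the original article: a receiver verifies a transfer record with HMAC-SHA256 and rejects a record whose recipient was changed, even when the tag was replaced with a freshly computed plain hash. The record fields, the key and the function names are constructed for the illustration.

```python
import hashlib
import hmac
import json
import secrets


def encode(record: dict) -> bytes:
    """Canonical byte encoding so sender and receiver hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, record: dict) -> str:
    """Sender side: HMAC-SHA256 tag over the record, keyed with the shared secret."""
    return hmac.new(key, encode(record), hashlib.sha256).hexdigest()


def verify(key: bytes, record: dict, tag: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign(key, record), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)  # shared secret (constructed for the demo)
    record = {"from": "Steve", "to": "Joe", "amount": 100}  # constructed sample
    tag = sign(key, record)

    # Record altered in transit; the original tag no longer matches.
    tampered = dict(record, to="Attacker")
    # A plain hash can be recomputed by anyone, but it is not a valid HMAC
    # because it was produced without the shared key.
    plain_hash = hashlib.sha256(encode(tampered)).hexdigest()

    return {
        "original": verify(key, record, tag),
        "tampered_old_tag": verify(key, tampered, tag),
        "tampered_plain_hash": verify(key, tampered, plain_hash),
        "wrong_key": verify(secrets.token_bytes(32), record, tag),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```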
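The baseline-and-compare cycle described under "4. File Integrity Monitoring (FIM)", as an added example rather than the article's or any FIM product's code: it records SHA-256 checksums for a directory, then reports files that were modified, removed or added since the baseline. The file names and contents are constructed sample data written to a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def checksum(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its checksum."""
    return {str(p.relative_to(root)): checksum(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: dict, current: dict) -> dict:
    """Return the changes a FIM would alert on."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files standing in for monitored resources.
        (root / "app.conf").write_text("admin_group=ops\n")
        (root / "users.db").write_text("alice:reader\n")
        (root / "audit.log").write_text("login alice\n")
        baseline = snapshot(root)

        # Changes made after the baseline was taken.
        (root / "users.db").write_text("alice:admin\n")  # privilege changed
        (root / "audit.log").unlink()                     # log deleted
        (root / "helper.sh").write_text("#!/bin/sh\n")    # unexpected new file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline has to be stored where the monitored host cannot write to it, or be authenticated with an HMAC, because anyone able to alter the files could otherwise alter the baseline as well.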