A security breach is any incident that results in unauthorized access to digital data, applications, networks, or devices. As a result of such an incident, information is read by people it was never intended for, and they may also be able to modify it. As a rule, this happens when an attacker manages to bypass the protection mechanisms.
Confidential information is of great value. On the dark web, for example, stolen names and credit card numbers are sold and then used for identity theft and other fraud. Loss of clients’ data is a huge blow to a company’s reputation, so it is no surprise that security breaches lead to huge losses: for large corporations, the damage from one incident averages almost $4 million.
We classify security breaches based on how exactly a system was accessed.
Security breach vs Exploit
Exploits are a subset of security breaches. They contain data or executable code that can exploit one or more software vulnerabilities on a local or remote computer.
For example, suppose your browser has a vulnerability that allows “arbitrary code execution.” That is, it lets someone install and run a malicious program on your system without your knowledge, or provoke some other behavior in the system that you don’t expect. Most often, the attacker’s next step is to expand that access (escalate privileges), which essentially lets them do whatever they want on the attacked system.
Exploits for vulnerabilities that criminals discover and use before the vendor knows about them, so-called zero-day vulnerabilities, present a particular problem. It can take a long time before the manufacturer becomes aware of the problem and fixes it.
Cybercriminals often prefer exploits to other methods of infection because, unlike social engineering, in which everything is done at random, exploiting vulnerabilities invariably produces the desired result.
There are two ways to “feed” exploits to users. The first is when they visit a website containing malicious exploit code. The second is when a user opens a seemingly harmless file with hidden malicious code. As you might guess, in the second case, spam or phishing emails are used to deliver the exploit.
Exploits are designed to attack specific versions of software containing vulnerabilities. Thus, if the user has the affected version of the software when opening the malicious object, or if the website runs on that software, then the exploit is launched.
Once it gains access through the vulnerability, the exploit downloads additional malware from the criminals’ server, which performs subversive activities such as identity theft or using the computer as part of a botnet to send spam, perform DDoS attacks, etc.
Exploits pose a threat even to cautious and conscientious users who regularly update their software. The reason lies in the time gap between the discovery of a vulnerability and the release of a patch to fix it.
Security breach vs Vulnerability
A vulnerability is an error in the code or logic of the OS or software application (AKA a bug) or a lack of a certain feature that has security implications. Since modern operating systems and applications are very complex and include many features, it is very difficult for developers to create software that is entirely free of bugs and vulnerabilities.
Unfortunately, a lot of virus creators and cybercriminals make significant efforts to find vulnerabilities in the OS and applications and then use them for their own purposes until vendors release respective patches.
The most common vulnerabilities include:
IDOR (Insecure Direct Object Reference) means that an object is referenced directly by an identifier the user can see and change. A simple example is when a link to a user’s profile has a personal identifier at the end, something like site.com/user/detail/edit?id=564563. A number is assigned to each registered user.
Here it is easy to guess that this identifier can be changed, and if the vulnerability exists, changing it takes us to someone else’s profile.
So an attacker can get into other people’s profiles on the site simply by altering the identifier. This might be harmless, but it can sometimes be a serious security breach.
In order to be exploited, the IDOR issue must be combined with an Access Control issue. The latter actually lets the attacker access the object for which they have guessed the identifier without having correct authorization.
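The same profile-edit endpoint with and without the access-control check, as an added example that is not part of the original article (the profile store, user ids and `Forbidden` type are constructed for the demo):

```python
from dataclasses import dataclass


@dataclass
class Profile:
    user_id: int
    email: str


# Constructed sample data: the numeric id in the URL is the direct object reference.
PROFILES = {
    564563: Profile(564563, "alice@example.com"),
    564564: Profile(564564, "bob@example.com"),
}


class Forbidden(Exception):
    """The caller is not allowed to touch the requested object."""


def can_edit(session_user_id: int, requested_id: int) -> bool:
    """Access-control rule: a profile may only be edited by the user who owns it."""
    profile = PROFILES.get(requested_id)
    return profile is not None and profile.user_id == session_user_id


def edit_profile_vulnerable(session_user_id: int, requested_id: int, new_email: str) -> Profile:
    """Trusts the id from the URL and ignores who is logged in: any user can edit any profile."""
    profile = PROFILES[requested_id]
    profile.email = new_email
    return profile


def edit_profile_checked(session_user_id: int, requested_id: int, new_email: str) -> Profile:
    """Same guessable id, but the object must belong to the authenticated session.

    Missing and not-owned ids get the same response, so the endpoint does not
    confirm which ids exist.
    """
    if not can_edit(session_user_id, requested_id):
        raise Forbidden("not authorized for this profile")
    profile = PROFILES[requested_id]
    profile.email = new_email
    return profile
```

The id stays guessable in both versions; only the ownership check decides whether guessing it is a breach.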
Cross-site scripting (XSS) means getting a script of the attacker’s choosing to run in visitors’ browsers as if it were part of the site. There are many ways to place it: the script can be added to a page after the site has been hacked, or loaded from another site via a link. It can be put in a link instead of an identifier, as in the previous example. It can even be entered into an input field on a form, and if the site does not validate those fields, the browser will execute it.
You can fix the XSS vulnerability by validating the data entered into fields in the browser. All the ways in which an XSS vulnerability can be exploited should be tested and blocked by programmers. You may also want to prevent scripts from accessing cookies.
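Output escaping and an HttpOnly session cookie, as an added example (not the article’s code; the comment renderer, `PAYLOAD` and the cookie name are constructed for the demo):

```python
from html import escape


def render_comment_vulnerable(author: str, body: str) -> str:
    """String concatenation: whatever the visitor typed becomes part of the page."""
    return f"<p><b>{author}</b>: {body}</p>"


def render_comment_safe(author: str, body: str) -> str:
    """Escape on output, so <, >, &, and quotes can never open or close a tag.

    escape() with its default quote=True also covers the attribute case,
    e.g. <a title="...">, where a stray quote would otherwise break out.
    """
    return f"<p><b>{escape(author)}</b>: {escape(body)}</p>"


def contains_script_tag(html: str) -> bool:
    """Crude check used only to compare the two renderers; it is not a filter."""
    return "<script" in html.lower()


def session_cookie_header(token: str) -> str:
    """HttpOnly keeps document.cookie from reading the session id even if a
    script does run; Secure and SameSite limit where the browser sends it."""
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"


# Constructed input: a comment body that carries markup instead of text.
PAYLOAD = "<script>alert(document.cookie)</script>"
```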
If the site uses a database for data storage — and almost all CMS do — then it is possible to use an SQL injection. An SQL injection is a substitution of a database query, which leads to the output of completely different information than what was planned.
Most often, input fields in forms and links with parameters are used for an SQL injection. That way the hacker can both embed his or her code into the pages of the site and get full access to the admin panel.
You can protect yourself from this vulnerability by checking links and data in input fields. Their strict filtering will help to block or neutralize code that an attacker might try to submit for execution.
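The same login lookup built by string formatting and with a parameterized query, run against an in-memory SQLite table; an added example, not the article’s code (the `users` table and its single account are constructed):

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table. Passwords are stored in clear only to keep the
    example short; a real application stores a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse', 1)")
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str, password: str):
    """The input is pasted into the SQL text, so a quote in the input ends the
    string literal and the rest of the input is parsed as SQL."""
    sql = (
        "SELECT name, is_admin FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def find_user_parameterized(conn: sqlite3.Connection, name: str, password: str):
    """Placeholders: the driver passes the values separately from the SQL text,
    so they are compared as data and never parsed as part of the query."""
    sql = "SELECT name, is_admin FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()
```

Parameterization, not input filtering, is what makes the second function safe: the same input that rewrites the query in the first is just an unmatched password in the second.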
Access to site’s folders
Sometimes sites have a vulnerability that allows an attacker to see the site’s folders and the files they contain.
For this, it is enough to obtain the name of some file that can be downloaded from the site; its directory is already visible in the link. An attacker then substitutes the “../” sequence into the link, which moves up one level in the folder nesting each time and eventually reaches the desired folder, for example the root. Since the location of the main files for any site, or for a specific CMS, is well known, an attacker can easily open them and read their data.
Such a vulnerability can be used to run malicious code, and even change pages or replace them.
You can protect yourself from this by disabling writing in directories, not using file system data on the site, filtering links, and denying access to folders.
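How a download handler keeps “../” from leaving its folder, as an added example that is not from the article (the download root, `files/report.txt` and the exception type are constructed for the demo):

```python
import tempfile
from pathlib import Path


class PathOutsideRoot(Exception):
    """The requested path resolved to a location outside the download root."""


def safe_download_path(root: Path, requested: str) -> Path:
    """Return the real filesystem path for a download request, or raise.

    Both sides are resolved first (symlinks followed, '..' collapsed), so the
    check is made on where the path really lands, not on the text of the link.
    An absolute `requested` also lands outside root and is rejected.
    """
    root = root.resolve()
    candidate = (root / requested).resolve()
    if candidate != root and root not in candidate.parents:
        raise PathOutsideRoot(requested)
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def stays_inside(root: Path, requested: str) -> bool:
    """True if the request resolves under root (even if the file is missing)."""
    try:
        safe_download_path(root, requested)
    except PathOutsideRoot:
        return False
    except FileNotFoundError:
        return True
    return True


def make_demo_root() -> Path:
    """Constructed download tree: <tmp>/files/report.txt."""
    root = Path(tempfile.mkdtemp())
    (root / "files").mkdir()
    (root / "files" / "report.txt").write_text("quarterly report\n")
    return root
```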
When a site offers visitors the option of uploading files, this may create another dangerous vulnerability: spoofing. That is, for example, instead of an avatar, an attacker can upload a file with malicious code, and if he or she knows where it’s saved, then it won’t be difficult to launch it.
You can protect yourself from this by forbidding the execution of files in the folder where they are saved. You can give them random names so that an attacker cannot find your file and run it. Also, images can be subjected to additional processing on the server. You may, for example, crop them and save them again in the correct format. Then it will no longer be possible to run the code embedded in them.
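The random-name and format-check part of that advice, as an added example that is not from the article (the accepted formats, the upload directory and the file names are constructed; re-encoding the image needs an image library and is left out):

```python
import secrets
import tempfile
from pathlib import Path
from typing import Optional

# Magic bytes of the only formats accepted. The client-supplied file name and
# Content-Type are ignored on purpose: both are under the uploader's control.
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
}


def detect_image_type(data: bytes) -> Optional[str]:
    """Identify the format from the file's own header, not from its name."""
    for ext, magic in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def store_upload(upload_dir: Path, client_filename: str, data: bytes) -> Path:
    """Save an upload under a random name with a server-chosen extension.

    The original name (and any .php in it) never reaches the disk, and the
    random name cannot be guessed, so the file cannot be located and requested.
    upload_dir is assumed to be served with script execution disabled.
    """
    ext = detect_image_type(data)
    if ext is None:
        raise ValueError(f"rejected {client_filename!r}: not a PNG or JPEG")
    target = upload_dir / f"{secrets.token_hex(16)}.{ext}"
    target.write_bytes(data)
    return target


def make_upload_dir() -> Path:
    """Constructed, empty upload directory for the demo."""
    return Path(tempfile.mkdtemp())
```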
Security breach vs Risk
A security breach is a possibility that has already been realized; a security risk assessment, by contrast, considers all the breaches that could still happen. Minimizing security risks includes:
- Having a security plugin installed.
- Scheduling automatic security scans.
- Keeping your computer, WordPress, plugins, and themes updated.
- Enabling 2-factor authentication.
- Using complex passwords and changing them often.
- Using dedicated, isolated or cloud hosting.
- Regularly backing up all data.
- Limiting access to the admin panel and other files. Using the read-only mode.
- Having an SSL certificate installed and enabled.
Security breach vs Threat
Security threats are all around us. To keep these threats from causing a security breach, you need to follow the points from the previous tab.