Data Manipulation: An Imminent Threat

Hackers that are looking to cause more chaos than financial gain are nothing new, but this article reminded me how scary it can be.

The article describes a potential scenario where a hacker gains access to a bank’s internal network using traditional methods such as a stolen password, malware infection, etc. This is followed by getting privileged access into the customer database where detailed account balances and personal information is held. Over a three month period the hacker begins to alter and manipulate the data that is linked to customer transactions. Once the banks and customers realize what has happened it could take months for the data to be manually recalculated to the correct amounts. During this time customers are are wondering if they’ll have the correct and accurate balances, when, if ever, they’ll be able to make a withdraw, and if there is a safe place to place their money besides their mattress.

This reminds me of the story line in season 1 of Mr.Robot…

It’s easy to think that the financial sector has the best network and database security but I’m sure there are vulnerabilities. The large corporations may be better protected but some of the smaller financial companies may not have the same security luxuries to prevent an attack like this. The article points out a research survey of 200 organizations (average work force of 22k) and 47 % acknowledged that no individual or functional group is responsible for monitoring databases for unauthorized activity. This is alarming considering how much critical financial data is kept in these databases.

http://www.darkreading.com/attacks-breaches/data-manipulation-an-imminent-threat-/a/d-id/1326864?