OWASP : SENSITIVE DATA EXPOSURE Attacks

Sensitive data is any information that’s meant to be protected against unauthorized access. Data exposure happens when data is left unencrypted in a database or server accessible to anyone. Sensitive data are often exposed when configuration details for systems and applications are left unsecured online. Sensitive data can include anything from personally identifiable information (PII), like social insurance numbers, to banking information, to login credentials. When this data is accessed by an attacker as a results of a data breach, users are in danger for sensitive data exposure. Data breaches that end in the exposure of sensitive credentials can include costs within the millions of dollars, destroying a company’s reputation along with it.

Sensitive data exposure occurs when a web application, company, or other entity mistakenly exposes personal data. It occurs as a result of not adequately protecting a database where information is stored. This could be a result of a large number of things like weak encryption, no encryption, software flaws, or when someone mistakenly uploads data to an incorrect database.

Data exposure is often linked to how an organization handles certain information. Sometimes, sensitive data are often found stored in plain text documents. If websites don’t use Secure Sockets Layer (SSL) and don’t have HTTPS security on sites that store information, data is also in danger of being exposed.

Ways in which Sensitive Data are often Exposed

Any time a company lacks security methods, data is at risk of exposure. to boost strategies of mitigation on potential application attacks, development and security teams must first have a firm grasp on the ways in which data is susceptible to exposure including:

Data at Rest : All data which doesn’t move within the network is at rest. This includes archives, backup files, databases, etc. It’s thought to be less vulnerable without the threat of attacks in passing, but more valuable. Well, an attacker can access it through an absence of authentication, poor access control on a repository, etc.

Attackers use different methods to get hold of this data, often using malware like Trojan horses or computer worms. Both of those gain access into system data through direct downloading from a malicious USB drive or by clicking malicious links that are sent via email or instant message. If data is housed in a server, attackers could get ahold of information stored in files outside of the traditional authenticated areas of access. This increases the probability of a directory traversal or path traversal attack.

Data in Transit : Data transmitted over a network is known as data in transit. Data is usually on the move, sending commands and requests across networks to other servers, applications, or users. Data in transit is extremely vulnerable, especially when moving across unprotected channels or to the application programming interface that permits applications to communicate with each other. As an example, once you browse the web, you generate HTTP traffic which carries data between you and also the target server. Because it’s in motion, this sort of data is often targeted in many ways.

One attack that targets data in transit is man-in-the-middle (MITM) attack, which intercepts traffic and monitors communications. Attackers rest in between the 2 entities, able to intercept all data in motion-including login credentials. Another takes advantage of a vulnerability within the protocols for creating secure sockets layer (SSL) code. SSL code is employed to encrypt data, making it harder to decode into plain text if intercepted. An SSL attack can imitate a secure script, deceiving users into clicking on malicious code. The vulnerability in SSL protocols will leave room for code injection attacks like XSS that can run corrupted browser-side requests.

Attacks that expose Sensitive Data :

There are several application attacks that can expose sensitive data. These include :

SQL Injection Attacks : SQL injection is a cyber-attack which targets the database with the help of specific SQL statements that are crafted to trick the system into performing different and undesired tasks. The SQL injection attack changes the code from what it’s originally commanded to do. If servers don’t have a tricky line of defense against identifying manipulated code, attackers could successfully manipulate commands into retrieving access to sensitive data. looking on the strength of the command or request programmed into the malicious code injection, attackers could gain persistent access into unauthorized areas of the application, able to come and go as they please.

Network Compromise : “Compromised” may be a nice way of saying that somebody or something has maliciously broken into your computer without your knowledge or permission. It means you cannot trust the integrity of any file on your computer. you cannot see what’s been done to your computer files without an exact “before” copy to match them with, and you most likely won’t ever know what’s been done with your personal information, including your passwords, or where they have been sent.

When a network is compromised, all data is left in danger of exposure. This is often very true if attackers hold a relentless yet silent presence, common in attacks like session hijacking. The time users are logged in is noted as a session, labeled with a singular session ID. If attackers access this ID, they’ll access cookies that hold onto activity and credentials across different websites. With an exploitable vulnerability, Hackers can launch attacks, leaving few indicators of compromise. If left undetected, cyber criminals have data at their disposal, leaving users in danger of sensitive data exposure or fraud.

Broken Access Control Attacks : Access control enforces policy in a way as such users cannot act outside of their intended permissions. Failures typically result in unauthorized information disclosure, modification or destruction of all information, or performing a business function outside of the bounds of the user. Broken access control attacks are common, their commonality comes from their ability to bypass security scanning tools, including Dynamic application security testing (DAST) that takes a deeper understanding of how data works within an application. The false-negative result produced by DAST tools leaves a vulnerability unpatched, which could lead to a successful broken access control attack. This leaves user confidentiality and web servers at risk of exposure or complete takeover.

Ransomware Attacks : Ransomware is a sort of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to revive access to the information upon payment. Integrating this malicious software onto devices is usually executed via an attachment or link users believe to be from a trusted source. Attackers hold the key to decrypting information, and send an email demanding money or information for decryption. Since attackers have the key to decryption, they need access to all or any information within the pc system and can do with it as they please.

Phishing Attacks : Phishing is often used to steal user data, including login credentials and credit card numbers. Targets are most frequently contacted via email or text message by attackers posing as legitimate organizations. It occurs when a hacker, posing as a trusted source, lures a victim into opening an email, instant message, or text message. If targets are tricked into thinking the attack could be a representative of the trusted source, they’re likely lured into providing sensitive details that attackers could use to hack into their accounts, steal their credit card information, or acquire social insurance numbers.

Insider Threat Attacks : An insider threat may be a security risk that originates within the targeted organization. This doesn’t mean that the attacker must be a current employee or manager within the organization. they might be a consultant, former employee, business partner, or member. Anyone who has access to sensitive details could initiate an information breach, breaking in and stealing unauthorized information. This misuse of access often goes unnoticed, as organizations specialize in attacks coming from outside sources and spend little time implementing defenses on insider attacks.

How to avoid Sensitive Data Exposure :

• Always encrypt sensitive data, even when it’s in transit form, especially after you are storing it. For extra sensitive data, try limiting its accessibility to only one or two of authorized users with separate private keys (in case of encryption).
• Weak passwords result in easy security breaches. To get strong passwords, you may use the hashing function algorithm. With that, it’s advised to alter your passwords regularly and maintain a unique password for each different platform.
• Risk levels to sensitive data change with time. it’s recommended to regularly monitor and conduct a risk assessment for any potential threat for your sensitive data.
• During an information theft, the utmost losses occur due to no proper backup of data. Maintaining a secure and guarded backup would facilitate your to reduce the losses.
• It’s important that you just have secure authentication gateways. With the utilization of advanced standard security, like SSL and TSL, you can make sure that the information flowing between a web browser and a web server isn’t only encrypted but also remains private. Additionally, HTTPS offers secure communication protocol for the applications using it.