By Randy Reiter CEO of Don’t Be Breached
July 2021 has Been A Busy Month in Cyber Security
The Associated Press published on Tuesday, July 13, 2021 that on September 1, 2021 a new law in China requires all Chinese citizens finding a Zero-Day Vulnerability to provide within 48 hours the details to the Chinese government. A Chinese citizen must NOT give or sell the information to third parties outside of China (apart from the product’s manufacturer).
Other Data Breach and Ransomware July 2021 News
- Microsoft reported that a SolarWinds Serv-U Zero-Day (not related to Solarwinds December 2020 Supernova attack) was exploited by a Chinese Hacking Group. The Hackers were detected targeting US defense industrial base organizations and software firms. The Zero-Day allows Hackers to remotely run code with SYSTEM PRIVILEGES, allowing them to perform actions like install and run malicious payloads, or view and CHANGE
- Microsoft released patches for three Windows operating system Zero-Day vulnerabilities that were already being exploited by Hackers. The vulnerabilities included Windows SYSTEM PRIVILEGE escalation issues, scripting engine memory corruption bug and drive-by attacks via web browsers.
- Microsoft releases a security update for Windows Print Spooler vulnerability that allows a Hacker to install programs; VIEW, CHANGE, or DELETE data; or create new accounts with full user rights.
- SQL injection vulnerability in the WooCommerce plugin affected more than 5 million WordPress websites.
- Healthcare DATA BREACHES spiked 185% in 2021. The Healthcare sector will remain a prime target throughout 2021.
- Morgan Stanley disclosed a July, 2021 DATA BREACH where Hackers stole customer data such as customer name, address, birth date, Social Security number, and corporate company name. The data compromised did not include passwords that could be used to access financial accounts. Morgan Stanley said the compromised files were encrypted; however, attackers were able to obtain the decryption key during the data breach.
Zero-Day Vulnerabilities that allow Hackers to operate with SYSTEM PRIVILEGES are a major threat to all organizations encrypted and unencrypted confidential data. Confidential data includes: credit card, tax ID, medical, social media, corporate, manufacturing, trade secrets, law enforcement, defense, homeland security, power grid and public utility data. This confidential data is almost always stored in DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL and SAP Sybase databases.
How to Stop the Theft of Confidential Database Data
Protecting encrypted and unencrypted confidential database data is much more than securing databases, operating systems, applications and the network perimeter against Hackers, Rogue Insiders and Supply Chain Attacks.
Non-intrusive network sniffing technology can perform a real-time full packet capture and deep packet inspection (DPI) of 100% the database query and SQL activity in real-time from a network tap or proxy server with no impact on the database server. This SQL activity is very predictable. Database servers servicing 1,000 to 10,000 end-users typically process daily 2,000 to 10,000 unique query or SQL commands that run millions of times a day. SQL packet sniffing does not require logging into the monitored networks, servers or databases. This approach can provide CISOs with what they can rarely achieve. Total visibility into the database activity 24×7 and protection of confidential database data.
In 2020 the DHS, Department of State, U.S. Marine Corps and the Missile Defense Agency all issued requests for proposals (RFP) for network full packet data capture for deep packet analysis or deep packet inspection analysis (DPI) of network traffic. This is an important step forward protecting confidential database data and organization information.
Advanced SQL Behavioral Analysis of Database SQL Activity Prevents Data Breaches
Advanced SQL Behavioral Analysis of 100% of the real-time database SQL packets can learn what the normal database activity is. Now the database query and SQL activity can be non-intrusively monitored in real-time with DPI and non-normal SQL activity immediately identified. This approach is inexpensive to setup, has a low cost of operation and low disk space usage. Now non-normal database activity from Hackers, Rogue Insiders or and Supply Chain Attacks can be detected in a few milli seconds. The Security Team can be immediately notified, and the Hacker database session terminated so that confidential database data is NOT stolen, ransomed or sold on the Dark Web.
Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum amount of data queried plus the IP addresses all queries were submitted from for each of the 2,000 to 10,000 unique SQL queries that run on a database server.
This type of Data Breach Prevention can detect never before observed Hacker database query activity, queries sent from a never observed IP address and queries sending more data to an IP address than the respective query has ever sent before. This allows real-time detection of Hackers, Rogue Insiders and Supply Chain Attacks attempting to steal confidential database data. Now an embarrassing and costly Data Breach may be prevented.
About the Author
Randy Reiter is the CEO of Don’t Be Breached a Sql Power Tools company. He is the architect of the Database Cyber Security Guard product, a database Data Breach prevention product for Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and SAP Sybase databases. He has a master’s degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at rreiter@DontBeBreached.com, www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks.