6 Types of Database Hacks Used to Obtain Unauthorized Access

Crime Cases
2022-06-13

Modern-day hackers are truly a force to be reckoned with, so much so that a skilled database hacker can be in and out without the administrator even noticing. As a result, many databases remain compromised for ages. Since databases tend to store data of a sensitive nature, calling this merely a nuisance would be a gross understatement.

Worse yet, sometimes database hackers get in not because of above-average hacking abilities, but because the webmasters employ poor cyber security practices such as using a weak password, failing to install updates regularly enough, or misconfiguring the database settings, any of which leaves the door wide open to a potential cyber attack.

On the flip side, even if the database is configured correctly, as many as 20,000 connections may be trying to access it at the same time, so even with proper software it’s next to impossible to know what each of them is doing. Couple this with the fact that an organization could have hundreds or even thousands of databases active at any single time, and the last remnant of hope is lost – getting things under control remains nothing but a distant dream.

[Image: man in the dark holding a piece of paper]

Too often, all a hacker needs to do is take advantage of someone’s laziness, lack of care, or lack of education.

Infamous database hacks from the past

Throughout history, we’ve witnessed jaw-dropping database hacks that resulted in astronomical damages and data leaks.

Examples of companies affected:

  • Yahoo (2013)
  • Equifax (2017)
  • eBay (2014)
  • Marriott (2018)
  • Facebook (2019)
  • MySpace (2013)
  • LinkedIn (2012)
  • Adobe (2013)
  • SolarWinds (2020)

As you can see, it can happen to the best of them, and you can rest assured these kinds of companies know something about cyber security (or have the funds to hire the best cyber security experts to guide them).

[Image: database rendered in a digital style]

As history teaches us, not even the most professionally configured databases are hack-proof.

With that being said, knowing the types of database hacks to be aware of today could be more than beneficial.

With this out of the way, we’ll be covering the types of database hacks database forensics specialists often need to investigate.

1. Brute forcing

Even to this very day, database forensics examiners still see a myriad of cases where the login credentials look something like this:

Username: admin

Password: 12345

Despite all the educational campaigns and efforts to raise cyber security awareness, this happens regardless. With cyber defenses like these, the neighbor’s kid could easily hack his way in, and then people wonder why they got compromised.

As convenient as easy-to-remember passwords may be, they’re exactly what a brute force attack seeks to capitalize on. In essence, this form of database attack is an attempt to break through the login screen by trying out every possible combination of credentials. The shorter and less complex the password, the less time it’s going to take to compromise it.

[Image: password written on a piece of paper]

Please put in a little more effort than this.

The times it takes to brute force a database password

With modern technology and fast internet speeds, imagine how long it would take for hackers to brute force their way through a 5-character password like the example we’ve outlined above. According to Techrepublic, the answer is: IMMEDIATELY!

If we upped the character count to 12 and used only numbers as part of the password string, the answer would change to 2 seconds. If, however, we added some uppercase and lowercase letters to the mix and still kept the total character count at 12, hackers would need roughly 24 years to brute force their way through.

How to defend against brute force attacks

This is one of the main reasons why cyber security experts preach the importance of coming up with complex passwords so devotedly.

  • Ideally, your database password should be long and consist of numbers, special symbols, uppercase, and lowercase letters.
  • Don’t forget to change your passwords on a regular basis.
  • Utilize cyber security plugins that prevent too many login attempts from the same IP in a short timeframe.
  • Change the default user credentials (yes, even the username should be something different than “admin”). As luck would have it, modern databases tend to have this as a requirement.
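The following Python example is added here to show what the last three points look like in code; it is not code from the original article or from SalvationDATA. It assumes a login front end that can call into it, and the policy values (5 failures per 60 seconds, a 300-second lockout, a 12-character minimum) are assumptions chosen for the example rather than figures from the article. It combines a password policy check, salted PBKDF2 password hashing, and a per-IP sliding-window limiter that locks out a source after too many failed attempts.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict, deque

# Policy values are assumptions for this example, not settings from the article.
MAX_FAILURES = 5          # failed attempts allowed per source IP ...
WINDOW_SECONDS = 60       # ... inside this sliding window before the IP is locked out
LOCKOUT_SECONDS = 300     # how long a locked-out IP stays blocked
MIN_PASSWORD_LENGTH = 12
PBKDF2_ROUNDS = 100_000
COMMON_PASSWORDS = {"12345", "123456", "password", "admin", "qwerty"}  # constructed short list


def password_policy_violations(password):
    """Return the reasons a password fails the policy (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special symbol")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the stored value is salt || digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + digest


def verify_password(password, stored):
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


class LoginRateLimiter:
    """Counts failed logins per source IP and locks the IP out after too many."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._blocked_until = {}              # ip -> time at which the lockout expires

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                      # lockout expired: start with a clean slate
            del self._blocked_until[ip]
            self._failures.pop(ip, None)
            return False
        return True

    def record_failure(self, ip, now):
        """Record one failure; return True if this failure triggers a lockout."""
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._blocked_until[ip] = now + self.lockout
            return True
        return False

    def record_success(self, ip):
        self._failures.pop(ip, None)


def attempt_login(limiter, users, ip, username, password, now):
    """Return 'blocked', 'ok' or 'denied'. `users` maps username -> hash_password() output."""
    if limiter.is_blocked(ip, now):
        return "blocked"          # credentials are not even checked while locked out
    stored = users.get(username)
    if stored is not None and verify_password(password, stored):
        limiter.record_success(ip)
        return "ok"
    limiter.record_failure(ip, now)
    return "denied"


# Constructed credential store: a non-default username and a policy-compliant password.
USERS = {"dbadmin_ops": hash_password("Correct-Horse-Battery-7")}

if __name__ == "__main__":
    limiter = LoginRateLimiter()
    for t in range(5):   # five wrong guesses from the same IP, one per second
        print(attempt_login(limiter, USERS, "203.0.113.7", "dbadmin_ops", "12345", now=t))
    # the sixth attempt is refused even though the password is now correct
    print(attempt_login(limiter, USERS, "203.0.113.7", "dbadmin_ops", "Correct-Horse-Battery-7", now=5))
```

The limiter deliberately refuses to evaluate credentials at all while an IP is locked out, so a guessing campaign gets no signal about whether the username exists; the `now` parameter is passed in rather than read from the clock so the behaviour can be tested deterministically.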

2. SQL injection

In certain cases, a database will have some kind of a front-end interface attached to it that allows the users to interact with it in various ways, whether it be to:

  • Add data to it
  • Modify records
  • Delete records
  • Execute specific searches
  • etc.

Front-end interfaces – the Achilles’ heel

Oftentimes, as noted by the industry’s database forensics specialists, these web applications are ripe for exploitation by launching an SQL injection attack against them. In fact, it’s often easier to execute this kind of attack on the front-end interface rather than the database itself.

However, note that, for an SQL injection attack to be made possible, the input fields must let SQL statements go through to the database without filtering them, so this kind of attack won’t always be successful. If you are concerned about being targeted, it helps to think of front-end interfaces as the weakest link.

[Image: soldier]

Front-end applications tend to be the Achilles’ heel of database security.

An ounce of prevention is worth a pound of cure

By resorting to this technique, an attacker could send a malicious command to the database that can do all sorts of things, including corrupting the database or stealing data from it. In the event of such an attack, trying to restore the database can be a fruitless endeavor without industry-grade digital forensics tools like DBF by SalvationDATA that allows you to restore it at the click of a button without requiring any kind of technical knowledge on your end.

To avoid being on the receiving end of an SQL injection attack, rather than working on the curative aspect of it, it’s better to focus on preventative measures instead. In other words, the answer lies in following good programming practices, particularly the technique known as “bind variables” (parameterized queries) that can stop this kind of attack in its tracks. Programmers should also think twice about displaying certain error messages, as these could potentially contain exploitable information.
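The example below is added to illustrate the two preventative measures just described; it is not code from the article or from SalvationDATA. It uses Python’s built-in sqlite3 module with a constructed two-row table, and shows the same lookup written the vulnerable way (string concatenation) and with a bind variable, plus a front-end wrapper that keeps database error details on the server side.

```python
import sqlite3


def build_demo_db():
    """In-memory database with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """The 'before' version: the user-supplied value is pasted into the SQL text,
    so quote characters in the input can change the structure of the statement."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, username):
    """The hardened version: a bind variable (the ? placeholder). The statement text
    is fixed and the driver passes the value separately, so the input can only be
    compared as data and is never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def lookup_for_web(conn, username, error_log):
    """Front-end wrapper: database errors are recorded server-side and the caller
    only ever sees a generic message, so a failed query does not leak table names,
    column names or driver details to whoever is typing into the input field."""
    try:
        return {"ok": True, "rows": safe_lookup(conn, username)}
    except sqlite3.Error as exc:
        error_log.append(f"lookup failed for {username!r}: {exc!r}")
        return {"ok": False, "message": "Lookup failed."}


if __name__ == "__main__":
    conn = build_demo_db()
    tautology = "x' OR '1'='1"   # input that closes the quote and appends an always-true condition
    print("vulnerable:", vulnerable_lookup(conn, tautology))   # every row comes back
    print("safe:      ", safe_lookup(conn, tautology))         # no user has that literal name
```

Running the script shows the difference directly: the concatenated query returns both rows because the input rewrote the WHERE clause, while the parameterized query returns nothing because it looked for a user literally named `x' OR '1'='1`. The wrapper is what the web tier should call; the raw driver exception only ever reaches the server log.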

3. Packet sniffing

Packet sniffing is a malicious practice that involves eavesdropping on a computer network and spying on bits and pieces of data that pass in between. Database forensics experts warn this often happens when people connect to public Wi-Fi networks that are insecure by nature and very much open to these kinds of attacks because anyone can connect to them.

If you thought that connecting to your coffee shop’s free Wi-Fi to do some work in a relaxing ambience was a good idea, you may want to think about that again.

[Image: coffee]

Want some insecure Wi-Fi with your coffee? No, thanks!

Back to the topic at hand, packet sniffing works especially well to make sense of web traffic that’s unencrypted. Using this method, an attacker can intercept sensitive data, including the database’s login credentials if they’re entered in the process. There are two ways to execute the attack, either with the help of:

Hardware packet sniffing

Hardware packet sniffers are physical devices that are intended to be attached to a network so they can examine the traffic that passes through it. By hiding one, a malicious insider can poke their nose into someone else’s business. However, hardware packet sniffing also has a legitimate use, which is to double-check whether any packets are being lost during communication. These devices can also store logs for network forensics experts to analyze further.

Software packet sniffing

Software packet sniffers have the exact same function as their hardware counterparts, with the one exception that they’re completely digital. They’re also what digital and database forensics experts have to deal with more often. In essence, a software packet sniffer will store logs of any kind of traffic that passes through it, including the traffic of someone who’s trying to work with a database. If such an individual were to pass any login credentials through it, it’s not hard to guess whose hands they would end up in.

4. Privilege escalation

Another way a database can be brought to its knees is by someone abusing a higher level of access privileges than what’s necessary for them to complete their task, which is often seen as part of malicious insider attacks. However, a hacker can also compromise a system through the internet and then award themselves higher access privileges, a practice otherwise known as privilege escalation.

This can occur due to a variety of reasons such as:

  • Software being out of date
  • The operating system being out of date
  • Misconfiguration
  • etc.

After becoming the system’s administrator, all a hacker needs to do is reset the database’s password and they’re inside. In some instances, obtaining the database’s credentials may not even be necessary – they would be granted access merely due to having administrative privileges.

[Image: dustman]

Does this guy really need to be awarded administrative privileges to do his job?

If you thought this was bad, there’s something even worse – sometimes, even a normal user account can compromise a database when all it has is read-only privileges. In other words, if they can read the contents of a database, they can also steal them. And if the database contains sensitive information such as passwords or credit card numbers, you’re in trouble.

The example above shows why database forensics experts and law enforcement staff are often tasked with extracting evidence of criminal activity from databases using modern digital forensics solutions like DBF by SalvationDATA. Such tools give them several cutting-edge industry features, such as being able to bypass the database’s security and restore corrupted databases, and save them a ton of money in the process that would otherwise have to go towards hiring additional manpower.

5. Exploiting software vulnerabilities

In the digital world of today, hardly a day goes by without some vulnerability being discovered by cyber security researchers. The good news is that once updates are released, you resolve the problem by installing them. The bad news, however, is that certain webmasters and administrators don’t take the time to update regularly enough, which leaves them wide open to an attack.

This is one of the reasons why database vendors rarely, if ever, disclose the details surrounding a vulnerability. After all, they wouldn’t want to broadcast this amazing window of opportunity to those who would gladly exploit the knowledge. The white-hat hackers and security researchers who discover the vulnerabilities usually report them in secrecy for the same reason, so that the patch can be released without anyone being targeted.

The reason why webmasters often delay installing the patch

No, it’s not laziness. Oftentimes, it’s not even due to lacking education about proper cyber security hygiene. Indeed, even educated people are guilty of delaying installing the patches sometimes, and it’s due to the simple fact that maintenance takes the database offline while the updates are applied. This could mean that, while the update process is running, the entire company’s website could be unreachable if it depends on having the database operational, and this could cost them lost sales.

[Image: website traffic]

A single minute of downtime can cost thousands in lost revenue.

The bottom line is, if hackers find out what database version you’re running and it happens to be an older one, they know exactly what vulnerability they can exploit to obtain unauthorized access. So essentially, it becomes a game of balancing lost revenue due to downtime against a major calamity of being hacked.

6. Stolen backup tapes

Another way for a database hacker… is to not hack it at all. Instead, they can go after the backups. Clever! Since these often don’t utilize any kind of encryption, they’re ripe for the taking, which allows the hacker to get easy access to the sensitive data that might be stored within.

If these backups are stored on physical media, a malicious insider could sneak inside the premises and steal them, so there’s certainly a physical element to this type of database attack. Another such scenario might occur when one of these physical backup copies gets lost during transport.

Once again, this highlights the importance of securing your backups whether they’re stored in a digital format or not. You can’t afford to have them stolen!

Conclusion

To breach through a database’s defenses, hackers and would-be criminals often resort to a wide array of techniques. But now that you know where to look for clues, solving a case involving a database breach should be much more straightforward.