In late 2020, hackers infiltrated the computer systems of the European Union’s medical agency and accessed data about Covid vaccines being developed by Pfizer and Moderna. Before leaking the information online, the hackers manipulated the data in order to “undermine trust in vaccines,” authorities noted at the time.
Unfortunately, the episode signals a rising trend in cybercrime. Law enforcement officials and IT security professionals alike say malicious actors are increasingly launching attacks that compromise data integrity through manipulation or alteration. Such attacks are meant to sow disinformation, create distrust and, of course, generate revenue.
Whether carried out as an act of revenge by a disgruntled employee, industrial espionage by a competitor or as a means of protest by hacktivists, data tampering can have devastating effects on organizations of all shapes and sizes. By undermining confidence in essential data, such attacks directly affect decision-making and can impact all aspects of operations — from sales and marketing to budgeting and distribution.
Healthcare, financial services and government organizations have been the most frequent targets for such disinformation attacks. In many cases, the attacks are meant to provoke doubt and chaos. For example, several years ago hackers gained control of the Associated Press Twitter account and sent out a fictitious tweet about explosions in the White House. The news panicked the financial markets, wiping out $136.5 billion of value before markets recovered.
Data tampering poses particular concerns for the healthcare industry. Security researchers have already demonstrated that it is possible to use deep learning applications to add abnormal findings such as nodules or tumors to CT and MRI images, or to remove them. Researchers note that attackers could also alter health information to commit insurance fraud, interfere with patient care or smear political candidates. It’s even theoretically possible to commit murder by increasing or decreasing someone’s prescribed medications.
For most businesses, the financial loss represents the greater risk. Malicious actors can gain control of banking or investment accounts by changing payment recipients or account owners and altering payment destinations and amounts. Additionally, hackers can manipulate a business’s website code to redirect users to malicious sites or steal credentials.
File Integrity Monitoring
End-to-end encryption, multifactor authentication and identity management solutions are among the essential preventive measures. However, none of those can help identify and correct any data that has been altered. That’s why more organizations are adopting file integrity monitoring (FIM) solutions.
FIM systems examine files to see if, when and how they changed, who changed them and whether those changes were authorized. FIM systems compare a file’s current state to a known-good baseline, typically using cryptography to generate a mathematical value called a checksum. Files may be monitored at predefined intervals, randomly or in real time.
By default, most FIM systems monitor servers, databases, network devices, directory servers, applications, cloud environments and registries to alert administrators to unauthorized changes. That can be overwhelming for IT staff given the sheer volume of files being monitored. However, it is possible to reduce the load by creating policies that define specific files that must be monitored.
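The baseline-and-compare cycle described above, with a policy that limits which files are monitored, looks like this in a minimal form. This is an added example, not code from any FIM product; SHA-256 as the checksum, the POLICY patterns, the function names and the sample files are all assumptions made for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

POLICY = ["*.conf", "bin/*"]  # hypothetical policy: monitor only these patterns

def sha256_file(path):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root, policy=POLICY):
    """Map each monitored path (relative to root) to its SHA-256 checksum."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(fnmatch.fnmatch(rel, pattern) for pattern in policy):
                state[rel] = sha256_file(full)
    return state

def compare(baseline, current):
    """Report paths modified, added or removed since the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def _write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as handle:
        handle.write(data)

def demo():
    """Baseline a constructed sample tree, change it, and return the report."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in {"app.conf": b"rate=5\n", "bin/tool": b"v1", "notes.txt": b"x"}.items():
            _write(root, rel, data)
        baseline = snapshot(root)                     # known-good state
        _write(root, "app.conf", b"rate=9\n")         # same size, altered content
        os.remove(os.path.join(root, "bin", "tool"))  # monitored file deleted
        _write(root, "bin/extra", b"new")             # unexpected new file
        _write(root, "notes.txt", b"y")               # outside the policy, ignored
        return compare(baseline, snapshot(root))
```

Calling `demo()` returns the change report for the sample tree. The baseline here lives in memory; a real deployment has to store it where someone who can alter the monitored files cannot also rewrite the baseline.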
Data is the lifeblood of modern businesses, providing insights that help companies make better decisions, improve services, boost sales, streamline processes and optimize costs. FIM systems can help ensure that critical decisions are based on accurate data.
In our next post, we’ll describe what to look for in a FIM solution and how to integrate FIM into an enterprise security strategy.