The Future of Data Breaches & Database Security Threats

14 November 2012

McAfee Labs researchers expect data breaches to continue to increase with more disclosures. The total number of data breaches, which includes database security attacks, in the third quarter of 2012 surpassed all of 2011 (source: privacyrights.org), although the volume was not exceptionally high. This growing threat presents a critical security area for businesses that need to fortify data protection and database security systems.

In the near future, McAfee Labs researchers expect changes in both the volume and sophistication of attacks.

  • Biometric authentication — This new technology will become a popular and desirable target for fraudsters as more financial institutions and businesses adopt it for authentication over older, less secure methods. Biometric authentication uses physical characteristics of the user, such as fingerprints.
  • Multifactor authentication — This method uses more than one factor to authenticate users. We expect attacks that use multifactor authentication, such as Operation High Roller, to continue to increase. Learn more about the characteristics of Operation High Roller attacks.

What lies ahead for data and database security threats? Businesses should be aware of the current threat landscape and the recent breaches and vulnerabilities.

  • Recently, a hacktivist group claiming to be associated with Anonymous said they had lifted more than 12 million Apple unique device identifiers. It remains unclear how this stolen data will be used.
  • In the third quarter of 2012, two Oracle zero-day flaws were announced at two separate security conferences (Black Hat and Ekoparty). Zero-day flaws are security vulnerabilities that are discovered before the vendor can fix them with a software patch. Since the beginning of 2012, close to 100 new database-related vulnerabilities have been disclosed or just silently patched by their developers.

With database breaches reaching an all-time high in 2012, it is clear databases are serious targets. Although McAfee Labs has not seen an upward trend in database breaches, it is significant that two zero-day vulnerabilities were announced in the small database security community (relative to the web and malware communities) within weeks of each other.