Cybersecurity For Dummies. Joseph Steinberg
For example, a criminal may set up a bogus bank site (see the earlier “Phishing” section) and relay any information that anyone enters on the bogus site to the actual bank site so that the criminal can respond with the same information that the legitimate bank would have sent. Proxying of this sort not only helps criminals avoid detection — users who provide the crook with their password and then perform their normal online banking tasks may have no idea that anything abnormal occurred during the online banking session — but also helps the criminals ensure that they capture the right password. If a user enters an incorrect password, the criminal will know to prompt for the correct one.
Figure 2-2 shows the anatomy of a man-in-the-middle intercepting and relaying communications.
FIGURE 2-2: A man-in-the-middle interception.
Taking What Isn’t Theirs: Data Theft
Many cyberattacks involve stealing the victim’s data. An attacker may want to steal data belonging to individuals, businesses, or a government agency for one or more of many possible reasons.
People, businesses, nonprofits, and governments are all vulnerable to data theft.
Personal data theft
Criminals often try to steal people’s data in the hope of finding items that they can monetize, including:
Data that can be used for identity theft or sold to identity thieves
Compromising photos or health-related data that may be sellable or used as part of blackmail schemes
Information that is stolen and then erased from the user’s machine that can be ransomed to the user
Password lists that can be used for breaching other systems
Confidential information about work-related matters that may be used to make illegal stock trades based on insider information
Information about upcoming travel plans that may be used to plan robberies of the victim’s home
Business data theft
Criminals can use data stolen from businesses for a number of nefarious purposes:
Making stock trades: Similar to the criminals mentioned earlier in this chapter who tamper with data in order to manipulate financial markets, criminals may also seek to steal data in order to have advance knowledge of how a particular business’s current and yet unreported quarter is going. They then use that insider information to illegally trade stocks or options, thereby potentially making a significant profit.
Selling data to unscrupulous competitors: Criminals who steal sales pipeline information, documents containing details of future products, or other sensitive information can sell that data to unscrupulous competitors or to unscrupulous employees working at competitors whose management may never find out how such employees suddenly improved their performance.
Leaking data to the media: Leaked sensitive data can embarrass the victim and cause its stock to decline (perhaps after the criminal has sold some shares short).
Leaking data covered by privacy regulations: The victim may be fined.
Recruiting employees: Criminals who steal emails and discover communication between employees indicating that one or more employees are unhappy in their current positions can recruit those employees, or sell that information to other firms looking to hire employees with similar skills or with knowledge of competitors’ systems.
Stealing and using intellectual property: Parties that steal the source code for computer software may be able to avoid paying licensing fees to the software’s rightful owner. Parties that steal design documents created by others after extensive research and development can easily save millions of dollars — and, sometimes, even billions of dollars — in research and development costs. For more on the effects of this type of theft, see the nearby sidebar “How a cyberbreach cost one company $1 billion without 1 cent being stolen.”
Data exfiltration
Data exfiltration is a somewhat complicated term for a simple concept, and refers to situations in which a party, through the use of malware or other automated means, or by manually issuing commands to a remote computer, causes data to be transferred without authorization from some information system or repository to somewhere else.
Anytime you hear of a data breach in which sensitive data has been copied by criminals, that is an example of data exfiltration. Depending on what data leaks and from whom, data exfiltration can easily harm the confidence of a business’s customers, reduce trust in a government entity, undermine the confidentiality of proprietary information, and/or undermine national security.
Compromised credentials
Compromised credentials refers to account authentication information, such as your username and/or password, that someone other than you is privy to. Abusing compromised credentials almost always refers to situations in which a criminal uses a login and password combination that was obtained from one cybersecurity breach in order to gain unauthorized access to a system and carry out another cybersecurity breach. Such attacks with compromised credentials are common, as criminals know that people commonly reuse login username/password combinations.
Likewise, use by a rogue employee of another employee’s credentials for any nefarious purpose (and even for most non-nefarious purposes) is also an example of such an attack.
Forced policy violations
Any attack in which a user or device is forced to violate cybersecurity policies is considered a forced policy violation attack.
Cyberbombs That Sneak into Your Devices: Malware
Malware, or malicious software, is an all-encompassing term for software that intentionally inflicts damage on its users, who typically have no idea that they are running it. Malware includes computer viruses, worms, Trojans, ransomware, scareware, spyware, cryptocurrency miners, adware, and other programs intended to exploit computer resources for nefarious purposes.
Viruses
Computer viruses are instances of malware that, when executed,