Unauthorized access: the concept, types and primary sources of problems

Unauthorized access to information is a problem that should not be underestimated. If data is accessed by someone other than the employees responsible for working with it, the company usually faces serious consequences.

Given that personal data and information with the status of a commercial secret often become the object of unauthorized actions, it is difficult to overestimate the damage. To describe all the main aspects of unauthorized access (NSD, from the Russian abbreviation), the article is divided into two parts. The first one focuses on classes and types, as well as the reasons why attackers seek to gain access to data.

What is unauthorized access?

Unauthorized access is access to information by a person who does not have the right to view and work with it. Usually we are talking about confidential information that is of some value to the company, and therefore interesting to a potential attacker.

Who gets unauthorized access? This may be an employee for whom working with this information is not prescribed by corporate regulations. Or it may be a hacker who uses it solely for the purpose of obtaining benefits or for illegal actions.

At first glance, the situation with an external cracker is more dangerous than the problem with an internal rule breaker. However, the latter should not be underestimated. Using company employees is a common way to illegally obtain confidential information.

Andrey Minyaev
Head of the Digital Design Information Security Center

Currently, there are quite a large number of threats to the security of information, including those related to unauthorized access attempts (NSD). Any NSD attempt is backed by an intruder who implements these threats through vulnerabilities and/or design errors and defects in software and information security tools. The reason itself can be different, ranging from the search for financial gain to "sporting interest" and self-assertion of the violator in front of other participants. In my opinion, most attacks in general are fairly typical attempts at NSD on the part of hackers and, in general, are attempts to cause reputational damage to the attacked.

Unauthorized access is not an attacker's goal, but only a means to achieve it. By itself, it does not cause damage to the company, but it opens up wide opportunities for implementing threats.

Consequences for the company

NSD can lead to violations of various types:
  • leak of significant information;
  • data corruption and destruction;
  • blocking access to information for employees of the organization, for example, for the purpose of receiving a ransom.

The potential consequences for the affected company are not limited to this. Using an invasive method of accessing information, an attacker can inject malware into the system after entering it and achieve complete remote control. As a result, global failures in the company's information systems may occur.

Data breaches, in turn, threaten the company's commercial success. If we are talking about the customer base, then the corporate reputation is already at stake.

Ekaterina Starostina
Director of Business Development at Webmonitorex

Unauthorized access to data can occur for various reasons, such as hacker attacks, phishing, the use of weak passwords, or the loss of devices with access to information. The most dangerous, in my opinion, are hacker attacks and phishing. Hackers can use unique and modern methods to break into the system and obtain confidential data. Phishing, in turn, involves manipulating users to obtain their personal information, such as passwords or banking details.

Access rights differentiation

Unauthorized access (NSD) to information assumes that someone has previously thought through what authorized access looks like. In other words, someone has defined information classes and compiled a list of the data belonging to each class, then defined the circle of persons who need access to it in order to perform their official duties and established the procedure for granting this access.

Ivan Dudorov
Head of the CyberPeak Sales Support Team

As soon as we descend to the level of differentiation of access rights to real end resources, a lot of nuances come up: for example, the presence of creators-owners and users with full privileges, allowing them to independently manage rights to folders and files created by them earlier without any administrator involvement. In other words, the owner can grant access to any other employee himself, and despite the data being located in a closed directory, a person can still get unauthorized access to information via a direct link. We meet this situation with literally every customer during the risk audit, since very few people understand the real scheme of working privileges on file resources, and the built-in standard management tools do not allow us to effectively identify such nuances.

If the data is not classified and access rights for employees are not differentiated, this state of affairs is unlikely to protect the company from unauthorized access. On the contrary, the task of a potential hacker or just a dishonest employee becomes much easier. In fact, there are no protective measures, and the very fact of NSD may go unnoticed for a long time.

What is NSD like?

Understanding what unauthorized access is would be incomplete without a typology of this phenomenon. The first large group, as mentioned above, is related to the company's employees and their involvement in gaining illegal access to data. Employees may receive an offer to move to a competitor with a much better salary. The most gullible or dissatisfied will readily reveal the current employer's secrets right there, during a sham interview. Besides openly recruiting unscrupulous employees, covert ("in the dark") actions can also be used: eavesdropping and intercepting audio signals, and surveillance in order to obtain data.

Valery Stepanov
Head of the Competence Center for Information Security T1 Integration

Unauthorized access can be caused by: incorrect separation of powers in the software, errors in the software itself, outdated versions, the presence of vulnerabilities and their exploitation by intruders. The most common ones are abuse of official authority and weak software security. These two reasons account for two-thirds of all information security incidents involving unauthorized access.

The next large group of unauthorized access options is technical in nature. This is hacking corporate email, web resources, and any information systems in order to obtain data. To implement it, attackers look for software vulnerabilities and use them, getting a "green light" to copy or modify any information.

Physical unauthorized access to servers and other equipment is also dangerous. When developing measures to protect against NSD, it is necessary to take into account the risks associated with it.

Alexey Morozkov
Team Leader of the ICL Services Cybersecurity Management Center

Common causes of unauthorized access include configuration errors in IT systems, devices, and security tools. Even if all systems and devices were initially configured according to all the canons of best practices, after a while you will need to make changes, exceptions, and many other actions, because this will be required by the IT infrastructure and business, and this in turn will create potential "loopholes" for attackers.

Another type of NSD is associated with the interception of information from SMS, instant messengers, calls and other internal communication channels. Technically, this is done using antenna systems, panoramic analyzers, broadband amplifiers, and other means.

A special group from the point of view of NSD threats is represented by legal methods of obtaining confidential information. The sources in this case can be contractors and trading partners, customers, and even competitors. Certain conclusions about the company's strategy can be drawn during the participation of its employees in practical sections of various conferences and other events. The collected data can be used to the detriment of the company, but it is difficult to resist this type of NSD due to the fact that no illegal actions are committed in the process.

Konstantin Larin
Head of the Cyber Intelligence Department, Bastion LLC

The most common reasons for unauthorized access are the human factor and the use of software with known vulnerabilities, for which there are public exploits. In the first case, the factor of inattention of users is triggered, and as a result, the attacker is compromised and moves through the internal network of the company. After that, the attacker gets a foothold in the network and starts exfiltrating (uploading) confidential information. In the second case, everything is clearer: they make a map of the software used on the company's external resources and find outdated services for which exploits exist. Then the vulnerable resource is compromised and then promoted in the internal network of the company.

Bottom line: anticipate cannot be ignored

In the case of NSD, the ideal option for any company is to put a comma after "anticipate". Although it is impossible to calculate all the options for unauthorized access in advance, it is definitely worth a try.

NSD is a threat to organizations of any industry, size, and structure. A large market player may be robbed of information about a product that is being prepared for launch, and a small medical center may be robbed of customer medical data. For the companies themselves, the consequences of implementing any method of unauthorized access to information will be too serious to ignore such a threat.

For unauthorized access, attackers use an extensive arsenal of tools. In addition to software vulnerabilities and a diverse set of technical solutions, a significant part of NSD occurs with the involvement of employees of the affected company.
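
An added example, not part of the original article: a policy-versus-ACL audit for the situation described under "Access rights differentiation", where an owner grants access to a single file inside a closed directory. The export format, paths, group names and accounts are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy: which groups may access each information class.
ALLOWED = {"restricted": {"payroll-team"}, "confidential": {"finance", "payroll-team"}}
# Constructed classification of folders; the longest matching prefix wins.
CLASS_OF = {"/share/finance": "confidential", "/share/finance/payroll": "restricted"}
MEMBERS = {"payroll-team": {"anna"}, "finance": {"anna", "boris"}}
ADMINS = {"fs-admin"}

@dataclass(frozen=True)
class Ace:
    path: str          # file or folder the entry applies to
    principal: str     # user or group receiving access
    inherited: bool    # False = set explicitly on this object
    granted_by: str    # account that created the entry

def classify(path):
    """Return the class of the deepest classified folder containing path."""
    hits = [p for p in CLASS_OF if path == p or path.startswith(p + "/")]
    return CLASS_OF[max(hits, key=len)] if hits else None

def authorized(principal, cls):
    """True if principal is an allowed group or a member of one."""
    groups = ALLOWED.get(cls, set())
    return principal in groups or any(principal in MEMBERS.get(g, ()) for g in groups)

def audit(aces):
    """Return (path, principal, reason) for entries that break the policy."""
    findings = []
    for a in aces:
        cls = classify(a.path)
        if cls is None:
            continue  # unclassified data: nothing to compare against
        if not authorized(a.principal, cls):
            reason = "principal not authorized for class " + cls
            if not a.inherited and a.granted_by not in ADMINS:
                reason += "; explicit grant by owner " + a.granted_by
            findings.append((a.path, a.principal, reason))
    return findings

# Constructed ACL export: the last entry is an owner sharing one file directly.
SAMPLE = [
    Ace("/share/finance/payroll", "payroll-team", False, "fs-admin"),
    Ace("/share/finance/payroll/2024.xlsx", "payroll-team", True, "fs-admin"),
    Ace("/share/finance/q3.docx", "boris", True, "fs-admin"),
    Ace("/share/finance/payroll/2024.xlsx", "dmitry", False, "anna"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries on unclassified paths are skipped, which mirrors the article's point: without classification there is no baseline against which an unauthorized grant can be detected.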
 