Data Net Blog

Data Net Blog

Data Net has been serving the California area since 1983, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Poison Attacks: A quick overview

Poison

Smart technology is everywhere. Not just in our offices, but even in our day-to-day lives with tools like Google Home and Alexa becoming a commonplace. With technology becoming smarter every minute, the risks are increasing by the minute as well. Cybercriminals are finding new ways to corrupt our IT networks to disrupt our businesses, hold our data hostage and even clear our personal bank accounts. Some of the more overt, commonly known acts of cybercrime include hacking, phishing, and ransomware attacks. This blog discusses a lesser-known cybercrime--Poison attacks.

What are Poison attacks
Poison attacks are attacks on the ability of the system to make smart decisions. Think about this. How do systems make intelligent decisions? Based on the training or data they receive. This data is used to hone the artificial intelligence of the system to help make smart decisions. Poison attacks mess the very base--the training data set. Poison attacks basically skew the system’s data model in such a way that the output is no longer as intended. They create a new normal for everything. Poison attacks are primarily backdoor attacks. In a backdoor poison attack, the attacker creates a loophole in the core data rule and trains the system to adhere to that rule so it can be exploited at a later time. For example, let’s say, the access control for a particular file is set such that it will allow only those beyond the VP level to view the data. If someone changes the main parameter to include manager level in there, the core data set is violated and the system will not detect an intrusion by someone at the manager level, even if they log in with their credentials.

Unlike Ransomware, poison attacks don’t make much noise but cause far more damage as they can go undetected for a longer time. Follow our blog next week as we discuss the 3 common types of poison attacks

Watch out for these poison attacks!
Poison hamper the ability of the system to make smart decisions by disturbing the very core data set that is used to make a decision. Poison attack methodologies typically fall into one of the following 3 categories.

  • Logic corruption
  • Data manipulation
  • Data injection

Logic corruption
In logic corruption, the attacker changes the basic logic used to make the system arrive at the output. It essentially changes the way the system learns, applies new rules and corrupts the system to do whatever the attacker wants.

Data manipulation
In data manipulation, as the name suggests, the attacker manipulates the data to extend data boundaries that result in backdoor entries that can be exploited later. Unlike logic corruption, the attacker doesn’t have access to the logic, so they work with the existing rule and push data boundaries further with a view to accommodate them later.

Data injection
In data injection, the attacker inserts fake data into the actual data set to skew the data model and ultimately weaken the outcome. The weakened outcome then serves as an easy entryway for the attacker into the victim’s system.

4 Software Tools That Can Keep You on the Right Tr...
5 Ways to Avoid Cyberattacks while Traveling
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Wednesday, 20 November 2024

Captcha Image

Network Audit

Our network audit will reveal hidden problems, security vulnerabilities, and other issues lurking on your network.

Sign Up Today!

News & Updates

There has been a good deal of controversy about how personal data has been collected, sold, and used over the past few years. Companies of all types package and sell data to create a valuable extra revenue stream for their business, and while this sh...

Contact Us

Learn more about what Data Net can do for your business.

Data Net
2445 5th Avenue Suite 200
San Diego, California 92101