Skip to main content

Poison Attacks: A quick overview

Poison Attacks: A quick overview

Smart technology is everywhere. Not just in our offices, but even in our day-to-day lives with tools like Google Home and Alexa becoming a commonplace. With technology becoming smarter every minute, the risks are increasing by the minute as well. Cybercriminals are finding new ways to corrupt our IT networks to disrupt our businesses, hold our data hostage and even clear our personal bank accounts. Some of the more overt, commonly known acts of cybercrime include hacking, phishing, and ransomware attacks. This blog discusses a lesser-known cybercrime--Poison attacks.

What are Poison attacks
Poison attacks are attacks on the ability of the system to make smart decisions. Think about this. How do systems make intelligent decisions? Based on the training or data they receive. This data is used to hone the artificial intelligence of the system to help make smart decisions. Poison attacks mess the very base--the training data set. Poison attacks basically skew the system’s data model in such a way that the output is no longer as intended. They create a new normal for everything. Poison attacks are primarily backdoor attacks. In a backdoor poison attack, the attacker creates a loophole in the core data rule and trains the system to adhere to that rule so it can be exploited at a later time. For example, let’s say, the access control for a particular file is set such that it will allow only those beyond the VP level to view the data. If someone changes the main parameter to include manager level in there, the core data set is violated and the system will not detect an intrusion by someone at the manager level, even if they log in with their credentials.

Unlike Ransomware, poison attacks don’t make much noise but cause far more damage as they can go undetected for a longer time. Follow our blog next week as we discuss the 3 common types of poison attacks

Watch out for these poison attacks!
Poison hamper the ability of the system to make smart decisions by disturbing the very core data set that is used to make a decision. Poison attack methodologies typically fall into one of the following 3 categories.

  • Logic corruption
  • Data manipulation
  • Data injection
Logic corruption
In logic corruption, the attacker changes the basic logic used to make the system arrive at the output. It essentially changes the way the system learns, applies new rules and corrupts the system to do whatever the attacker wants.

Data manipulation
In data manipulation, as the name suggests, the attacker manipulates the data to extend data boundaries that result in backdoor entries that can be exploited later. Unlike logic corruption, the attacker doesn’t have access to the logic, so they work with the existing rule and push data boundaries further with a view to accommodate them later.

Data injection
In data injection, the attacker inserts fake data into the actual data set to skew the data model and ultimately weaken the outcome. The weakened outcome then serves as an easy entryway for the attacker into the victim’s system.

Comments

Popular posts from this blog

Social media at work what could go wrong?

Social media at work...what could go wrong? As a business, there is no doubt today that you need to make your presence felt on major social media platforms such as Facebook, Twitter, Instagram and LinkedIn. But social media also exposes you to cybercriminals. In this post we talk about the steps you can take to ensure your social media account doesn’t become a gateway for cybercriminals to access your data. Make someone accountable The first step to a successful and safe social media experience as a company is to make someone in your organization accountable for it. Designate a social media manager who is responsible for maintaining your company’s social media accounts. This person should oversee everything--from the posts and pictures in your company account to approving/disapproving ‘Friend’/’Follow’ requests. Train your employees Of course you should train your employees who handle your official social media accounts about the security threats and how they need to steer clear of the

Understanding Managed Services and How They Benefit SMBs

Understanding Managed Services and How They Benefit SMBs Small to medium sized businesses (SMBs) receive a lot of calls each day from slick sales people peddling the next technology trend that's going to save them money and revolutionize how they do business. They're all too quick to caution that if you don't listen to them, you'll fall behind the times, and eventually be swimming in a sea of debt and out of business. No doubt you've heard, or you've at least read about, the benefits of managed services. Managed services refer to clearly defined outsourced IT services delivered to you at predictable costs. You know the exact IT services you'll be getting and what you'll pay for them. There is no surprise sky-high bill for services rendered. So are solicitation calls that pertain to managed services worth listening to? We think so. Then again, we're in the managed services industry. There may be a bit of a bias here. How Managed Service Providers Work

Do your homework: 3 things to do when looking for an MSP

Do your homework: 3 things to do when looking for an MSP Thinking of hiring a Managed Service Provider, but not sure how to go about it? Here are a few things to do before you zero in on one. Figure out what you have already The first step in a good plan is to figure out where you stand currently. Before you talk to an MSP, conduct an audit of your IT infrastructure to decide what you have currently. List all your hardware and software. When performing this IT audit, don’t forget other technologies that you are using, such as biometric access systems, CCTV systems and even telephone systems. You may think they are irrelevant as they are not directly related to your IT infrastructure, but, in the near future you may want them all to be connected to one another, and so, including them in the audit and inventory right now is a good idea. Figure out what you need This is the next step. After you determine what you already have, the next step is to figure out what you need. What do you wan