Disclosure, Alteration, and Destruction (DAD) refer to three potential risks or outcomes in the context of information security. These terms describe different ways in which sensitive information can be compromised or impacted
Disclosure
Disclosure refers to the unauthorized release or exposure of sensitive information to individuals or entities who should not have access to it. This could involve the unintentional or intentional sharing of confidential data, such as personal information, trade secrets, or classified information. Unauthorized disclosure can lead to privacy breaches, reputational damage, or misuse of information by unauthorized parties.
The concept is further elaborated in the table as following
Type of Vulnerability | Description | Real life example |
|---|---|---|
Data Breaches | When a company's database or system is compromised, leading to the unauthorized access and disclosure of customer information, such as personal details, credit card numbers, or login credentials | |
Insider Leak | When an employee or insider intentionally discloses confidential information without authorization | |
Accidental Email or Document Sharing | Instances where individuals mistakenly send emails or share documents containing sensitive information with unintended recipients. This can occur due to errors in email address input or lack of proper data classification and handling procedures. | |
Public Wi-Fi Network Vulnerabilities | Unsecured public Wi-Fi networks can expose user data to unauthorized parties who may intercept and access sensitive information transmitted over the network. This can lead to the disclosure of login credentials, financial data, or personal information. | In 2022, a security researcher found that a public Wi-Fi network in a major airport was vulnerable to a man-in-the-middle attack In 2021, a security researcher found that a public Wi-Fi network in a major train station was vulnerable to a denial-of-service attack |
Social Engineering Attacks | Techniques such as phishing, where attackers trick individuals into divulging confidential information, such as usernames, passwords, or financial details. This information is then used for malicious purposes. | group of hackers tricked employees at a major tech company into revealing their passwords by sending them phishing emails that appeared to be from the company's CEO. |
Alteration:
Alteration refers to unauthorized changes or modifications made to data or information. It involves tampering with the integrity or accuracy of the information, often with the intent to deceive or manipulate. Unauthorized alterations can lead to data corruption, false information dissemination, or compromised trust in the accuracy and reliability of the data.
The concept is further elaborated in the table as following
Type of Vulnerability | Description | Real Life examples |
|---|---|---|
Website Defacement | Hackers may alter the content or appearance of a website without permission. This can involve replacing the original content with defamatory messages, political statements, or offensive imagery | |
Digital Image Manipulation | Alteration of images using software tools to modify their content or deceive viewers. This can include doctoring photographs for propaganda purposes or manipulating images in advertising to present unrealistic representations | In 2022, a photo of a Turkish protest was digitally altered to make it look like there were more protesters present |
Financial Fraud | Alteration of financial records or transactions to conceal fraudulent activities. For instance, modifying accounting records to inflate revenues or underreport expenses to deceive stakeholders and investors | In 2022, a group of hackers stole the personal information of over 500 million customers from the credit reporting agency Equifax In 2022, a group of hackers stole the customer data of over 143 million customers from the retail giant Target |
Medical Record Tampering | Unauthorized modification of medical records to conceal medical errors, change diagnoses, or manipulate patient information for personal gain or to support fraudulent claims. | In 2022, the personal health information of over 10 million patients was exposed in a data breach at the Universal Health Services hospital chain In 2022, the personal health information of over 7 million patients was exposed in a data breach at the LabCorp medical testing company |
Software Source Code Manipulation | Unauthorized alteration of software source code to introduce vulnerabilities, insert malicious code, or modify functionality. This can compromise the security and integrity of software applications. | In 2022, the open-source project Log4j was found to be vulnerable to a critical remote code execution (RCE) vulnerability In 2021, the SolarWinds Orion IT management software was found to have been compromised by a nation-state actor |
Destruction:
Destruction refers to the loss or destruction of data or information, whether accidental or intentional. This can occur due to system failures, natural disasters, malicious attacks, or improper handling of physical or digital media. Destruction can lead to the loss of valuable information, disrupt business operations, or impact the ability to recover or restore critical data.
The concept is further elaborated in the table as following
Type of Vulnerability | Description | Real Life Example |
|---|---|---|
Data Loss or Deletion | accidental or intentional removal or loss of data | In 2020, a data breach at the health insurance company Anthem exposed the personal information of over 78 million Americans |
System or Infrastructure Destruction | Destruction or disabling of computer systems, networks, or infrastructure. like DDoS or physical destruction | In June 2022, a DDoS attack on Cloudflare's network reached a peak of 71 million requests per second (rps) In May 2022, a DDoS attack on the Ukrainian government's website lasted for several days |
Data Wiping | Deliberate and complete erasure of data from storage devices to prevent any chance of recovery | In 2022, a ransomware attack on the Kaseya software company caused data to be wiped from thousands of businesses In 2021, a cyberattack on the Norwegian pharmaceutical company Teva Pharmaceuticals caused data to be wiped from the company's servers |
Disruption of Services | Involves actions that disrupt or disable critical services or infrastructure. Infrastructure attacks and cloud service outages | In 2021, a cyberattack on Colonial Pipeline, the largest fuel pipeline in the United States, caused widespread fuel shortages In 2020, a cyberattack on the Norsk Hydro aluminum company caused widespread production outages |
Comments