There is a new type of attack that targets databases

Aug 13, 2021 07:13 GMT  ·  By

Infosecurity Magazine reports on a new kind of database attack, presented at the Black Hat US 2021 hybrid event on August 5, that may lead to data leakage and loss. The attack is called DBREACH, and it involves reconnaissance and exfiltration from databases using adaptive compression heuristics.

A modern database can use compression and encryption together to reduce storage costs, according to Mathew Hogan. Although this may be advantageous in certain cases, it also carries the risk of being exploited by a class of vulnerabilities known as side-channel attacks.

DBREACH attacks can be carried out in a variety of ways, says Hogan, who explained the methods in an extensive presentation of 121 slides. In this case, the tactic mirrors the CRIME attack (Compression Ratio Info-leak Made Easy) that exposed Transport Layer Security (TLS). To carry out DBREACH, an attacker must be able to access the database in order to insert and update data, and must be able to estimate the size of a compressed table.

As part of the investigation, the researchers looked into the open source MariaDB database, which is powered by the InnoDB storage engine. Mathew Hogan explained that the research team originally intended to focus on other databases as well, and confirmed that this approach also works for those that use compression and encryption in conjunction.

To mitigate DBREACH risk, Hogan suggests that database administrators have several options for securing their data: 

  • Avoid using column-level permissions.
  • Analyze database usage patterns and check for unusual activity, such as:
      • an alarmingly high number of updates coming from a single user.
  • Disable compression, although this measure has its own pitfalls: performance suffers and storage becomes more expensive.

Hogan stated, "We believe that this really drives home the point that compression and encryption should be combined very carefully, lest you or your system fall victim to compression side-channel attack."
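Added here as an illustration, not code from the researchers or from the article: a small Python model of the compression side channel described above, using zlib as a stand-in for a storage engine's page compression. The secret row and the guesses are constructed values. It shows why a principal who can only insert or update rows and observe the resulting compressed size learns something about data it cannot read, and why compressing rows separately (or not at all, as in the last mitigation above) removes the signal.

```python
import zlib

# Constructed toy data (not the researchers' data): a table page holding one
# row the attacker cannot read and one row the attacker is allowed to write.
SECRET_ROW = b"ssn=123-45-6789;name=alice"


def page_size(rows, shared=True):
    """Compressed size of a page built from the given rows.

    shared=True models an engine that compresses all rows of a page in one
    stream, so bytes shared between rows shrink the output.
    shared=False models compressing each row on its own, so the attacker's
    row and the secret row never share a compression dictionary.
    """
    if shared:
        return len(zlib.compress(b"".join(rows), 9))
    return sum(len(zlib.compress(row, 9)) for row in rows)


def size_delta(secret, guess, control, shared=True):
    """Compressed page size with `guess` minus the size with `control`,
    a same-length row that shares nothing with the secret beyond the
    column prefix. A negative result is the side channel: the compressor
    found `guess` inside the secret row, and the size (which encryption
    does not hide) reports that to whoever can write and measure.
    """
    assert len(guess) == len(control), "compare rows of equal length"
    with_guess = page_size([secret, guess], shared)
    with_control = page_size([secret, control], shared)
    return with_guess - with_control


def leaks(secret, guess, control):
    """Deltas under both compression models, for side-by-side comparison."""
    return {
        "shared_compression": size_delta(secret, guess, control, shared=True),
        "per_row_compression": size_delta(secret, guess, control, shared=False),
    }


if __name__ == "__main__":
    # The guess that matches the secret's prefix shrinks the shared page;
    # with per-row compression both rows cost the same and nothing leaks.
    print(leaks(SECRET_ROW, b"ssn=123-45-67", b"ssn=846-20-31"))
```

Every measurement in the shared model costs the attacker one write plus one size observation, which is why an unusual volume of updates from a single user is the usage pattern worth watching.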