Researchers Reveal DBREACH as New Attack Against Databases


In reference to the past record, many organizations have observed that databases are critical applications for any organization, which give cybercriminals more chances to target them. 

Recently hackers review has reported news relating to the Black Hat US 2021 hybrid event in which hackers have been encouraged to collaborate with federal agencies against cybercriminals – in the same event a group of cyber intelligence expressed a new type of cyber attack against databases that could lead to information reveal and loss. The attack has been identified as DBREACH, which is an acronym for Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics. 

Mathew Hogan one of the cyber intelligence members said that in modern databases, compression is often paired with encryption in order to reduce storage costs. Although that can increase risks as it could lead to exploitation by a class of vulnerabilities known as side-channel attacks. 

“With DBREACH, an attacker is able to recover other users’ encrypted content by utilizing a compression side channel," Hogan said. "We believe this is the first compression side-channel attack on a real-world database system." 

Along with this, Hogan and his colleagues in a much explained 121-slide presentation have provided thorough detail on how a DBREACH attack could work. Reportedly, DBREACH goes with the same techniques as the CRIME (Compression Ratio Info-leak Made Easy) attack on Transport Layer Security (TLS) that was first reported in 2013. 

"We believe that this threat model is realistic and achievable," Hogan further told. "The update capability can be achieved through a front-end web interface that's backed up by a database table, which is something that's really common in a lot of databases." 

How can database users mitigate the risk of DBREACH 

There are many ways for database users to mitigate the risk for DBREACH. One of these ways, as per Hogan, includes not using column-level permissions. He also recommended organizations to monitor database usage patterns for unusual activity which then would be similar to Denial of Service (DoS) detection, looking for a single user that is performing an unusually high number of updates. 

"The only foolproof method for preventing this attack is to turn off compression…” “…We believe that this really drives home the point that compression and encryption should be combined very carefully, lest you or your system fall victim to compression side-channel attack," Hogan added.