Poison Attacks: A quick overview
Smart technology is everywhere: not just in our offices, but in our day-to-day lives, with tools like Google Home and Alexa becoming commonplace. With technology becoming smarter every minute, the risks are increasing as well. Cybercriminals are finding new ways to corrupt our IT networks to disrupt our businesses, hold our data hostage, and even clear our personal bank accounts. Some of the more overt, commonly known acts of cybercrime include hacking, phishing, and ransomware attacks. This blog discusses a lesser-known cybercrime: poison attacks.

What are poison attacks?
Poison attacks are attacks on the ability of the system to make smart decisions. Systems make intelligent decisions based on the training or data they receive. This data is used to hone the artificial intelligence of the system to help make smart decisions. Poison attacks mess with the training data set. They skew the system’s data model in a way that the output is no longer as intended. Poison attacks are primarily backdoor attacks. In a backdoor poison attack, the attacker creates a loophole in the core data rule and trains the system to adhere to that rule so it can be exploited later. For example, if the access control for a file is set to allow only those beyond the VP level to view the data, an attacker could change the parameter to include manager level access, violating the core data set and allowing intrusions from managers.

Unlike ransomware, poison attacks don’t make much noise but cause far more damage, as they can go undetected for a longer time. Follow our blog next week as we discuss the 3 common types of poison attacks.

Watch out for these poison attacks!
Poison attacks hamper the system’s ability to make smart decisions by disturbing the core data set used to make decisions. Poison attack methodologies typically fall into one of the following 3 categories: Logic corruption, Data manipulation, and Data injection.

Logic corruption
In logic corruption, the attacker changes the basic logic the system uses to arrive at its output. The attack essentially changes the way the system learns, applies new rules, and corrupts the system so that it does whatever the attacker wants.

Data manipulation
In data manipulation, the attacker manipulates the data to extend data boundaries, resulting in backdoor entries that can be exploited later. The attacker doesn’t have access to the logic, so they work with the existing rule and push data boundaries further to accommodate exploitation later.

Data injection
In data injection, the attacker inserts fake data into the actual data set to skew the data model and weaken the outcome. The weakened outcome then serves as an easy entryway for the attacker into the victim’s system.
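The boundary-stretching effect described under data manipulation and data injection can be seen, and screened for, in a small added example (not part of the original post). It assumes a toy model that learns an upper limit as mean plus three standard deviations; the data values and function names are constructed for illustration.

```python
import statistics

# Constructed sample data: a trusted baseline of "normal" readings.
TRUSTED = [48, 52, 50, 47, 53, 49, 51, 50, 46, 54, 50, 52, 48, 51, 49]
# Constructed retraining batch; the last five records stretch the data
# boundary in the way the text describes.
NEW_BATCH = [50, 49, 52, 51, 47, 90, 110, 130, 150, 170]

def learned_limit(values, k=3.0):
    """Upper boundary the toy model learns: mean + k standard deviations."""
    return statistics.mean(values) + k * statistics.pstdev(values)

def screen_batch(baseline, batch, k=3.5):
    """Split a batch into accepted and quarantined records.

    Uses the trusted baseline's median and MAD (median absolute deviation),
    which a handful of extreme records cannot shift the way they shift a mean.
    """
    med = statistics.median(baseline)
    mad = statistics.median(abs(v - med) for v in baseline)
    scale = 1.4826 * mad or 1.0  # fall back to 1.0 if the baseline is constant
    accepted, quarantined = [], []
    for v in batch:
        (accepted if abs(v - med) / scale <= k else quarantined).append(v)
    return accepted, quarantined

def retrain_report(baseline, batch):
    """Compare the learned limit with and without screening the new batch."""
    accepted, quarantined = screen_batch(baseline, batch)
    return {
        "limit_before": round(learned_limit(baseline), 1),
        "limit_unscreened": round(learned_limit(baseline + batch), 1),
        "limit_screened": round(learned_limit(baseline + accepted), 1),
        "quarantined": quarantined,
    }

if __name__ == "__main__":
    for key, value in retrain_report(TRUSTED, NEW_BATCH).items():
        print(f"{key}: {value}")
```

Retraining on the unscreened batch roughly triples the learned limit, while screening against the trusted baseline keeps it in place and leaves the quarantined records for review.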