Log tampering is a method by which hackers can maintain access and cover tracks on any kind of system of an organization. Hackers can use this method to make the security system of their victim more exposed to attacks, making it possible for them to take full control of it, as well as make the entire business or company vulnerable to risks that can lead to losses of a big amount of money, especially when it comes to organizations with a large volume of transactions such as banks, online shops, etc.
Types of Logs:
Log tampering can be used by an attacker to hide his activities on a computer system or network.Basically, there are two types of logs:
- Audit Logs: Audit Logs are the logs that are created by the operating system of a computer and are collected in log files. The main purpose of Audit logs is to keep track of file access, changes made to the system, and other records about events that occur on such systems.
- Application Logs: Application logs are another type of log, which is created and written by programs or applications in order to keep track of what is happening within their memory space. Application Logs are recorded in files that generally have .log as their file extensions. They are presented in a form that is more detailed compared to audit logs.
Who Can Perform Log Tampering?
- Log Tampering can be done by someone with access to the network or computer system who can get away with it.
- Log alteration is usually done in order to hide malicious activities of an intruder, but it can also be used by administrators, who want to hide their mistakes or errors that were made. However, there are many ways on how audit logs and application logs operate, so an attacker can easily modify them.
- Log Tampering through Log file deletion is the simplest way of altering log files, as all that needs to be done is just delete them from their storage locations.
- It can be done easily by an attacker, who can either delete logs completely or modify their contents before deleting them.
- The logs will be deleted automatically after a certain period of time, so it is better to reconfigure the settings in order to provide a certain period of time before they get deleted.
Conclusion:
Log Tampering through Log file modification is another way how an attacker can alter log files. This type of attack is much harder to do, but it can still be done successfully if the log file system that is being attacked is not well-protected. An attacker will actually have to modify the whole file and not just parts of it in order to change critical information about his activity on the computer system or network that he has targeted for attack.