Weaponising encryption

Mike Campfield, Head of EMEA operations at ExtraHop

Cyber criminals’ tactics are becoming more sophisticated, and the increase in cyber attacks is having a devastating impact. So far this year, 93% more attacks were carried out in the first half of 2021 compared with the same period last year, says Mike Campfield, head of EMEA operations, ExtraHop.

To protect sensitive business and personal data, many businesses are turning to strong encryption, which transforms plain text into unreadable ‘ciphertext’. Google estimates that 95% of its internet traffic uses the encrypted HTTPS protocol, with most industry analyst firms concluding that between 80% and 90% of external network traffic is encrypted today.

While encryption might protect data, obscuring digital footprints can compromise SecOps visibility, making it difficult to tell good and malicious traffic apart without decryption. Gartner predicted that 70% of malware campaigns in 2020 would use some type of encryption. Once all data is encrypted, organisations are blind to attackers and unable to tell when an attack occurs and what information was stolen. By utilising decryption, organisations gain a greater understanding of what data has been affected and which customers were impacted.

Cyberattackers are using the lack of decryption to their advantage by hiding their activity within otherwise benign traffic. They do this by using both their own encryption and broad encryption to hide within networks.

The misconceptions about encryption and decryption

There are misconceptions around both encryption and decryption that restrict their potential to be used as tools to protect user privacy. One of the most troubling is that decryption violates the data privacy of businesses as well as individuals.

This is not true. New technologies strike a balance between decrypting relevant data to identify hidden threats and not compromising sensitive business data. It’s possible to decrypt enterprise network traffic and be compliant with GDPR, the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) by not configuring decryption capabilities on sensitive subnets.

Another misconception is that decryption slows network traffic. Again, this is false. If the decryption is done passively, it has no impact on the network traffic. Perhaps the biggest misconception, and barrier, for organisations is the belief that encryption standards such as Transport Layer Security (TLS) 1.3, and the tools they have in place, aren’t able to support decryption at the scale businesses need to properly protect themselves.

Despite this lack of understanding, decryption is becoming a vital tool in detecting advanced threats that use encryption to get malicious payloads past cybersecurity tools.

Decrypting hidden threats

In the evolving threat landscape, it is imperative for businesses to have the ability to securely decrypt traffic to have complete visibility into their environment. As the recent Kaseya and SolarWinds attacks have demonstrated, cybercriminals are using a land-and-pivot strategy. This consists of the criminals creating encrypted malicious payloads that check whether a device has endpoint protection. They then move laterally throughout an organisation until they find a device without coverage and deploy the malware.

Organisations should leverage specific Network Detection and Response (NDR) capabilities to decrypt traffic and identify hidden threats safely and securely, without compromising data privacy. Without decryption, organisations are unable to see up to 60% of the Cybersecurity and Infrastructure Security Agency’s (CISA) most exploited vulnerabilities.

Decipher the way forward with decryption

Many legacy security tools such as endpoint detection and response and IDS systems do not have decryption capabilities. However, NDR technology can configure decryption within products and only apply it to traffic that it has keys for, allowing organisations to move against cyberattackers.

Decryption can enable SecOps to detect attack tactics that others cannot, such as ProxyLogon, Kerberos ticket attacks and the recent PrintNightmare vulnerability. It also detects attacks earlier in the campaign to identify malicious payloads and prevent costly breaches.

It can also improve the Mean Time to Respond (MTTR) by uncovering high-fidelity contextual metadata, enabling rapid detection, scoping, investigation and remediation of threats. It provides a full forensic record post-compromise, with the historical application of performance data, to ensure lessons are learned against future attack attempts.

As we enter a more sophisticated era of cybersecurity, there are new approaches for detecting threats. Cyber attackers are upping their game, and without the ability to securely decrypt traffic, it will soon be impossible to tell the good from the bad.

The author is Mike Campfield, head of EMEA operations, ExtraHop.
