How Cybercriminals Are Using Encryption to Trick Your Customers
Encryption continues to be the go-to best practice to protect sensitive data passing through the Internet. If malicious hackers or cybercriminals somehow intercept the data stream, they will only see jumbled, unintelligible characters, or bits, instead of credit card data, social security numbers, or other sensitive information of real value. The use of encryption has become so popular that broadband provider Sandvine predicted that as much as 50 percent of internet traffic was encrypted in 2015 and that number would increase to nearly 66 percent by the end of 2016.
On the surface, it would appear that we’ve finally found a way to outwit the bad guys, but that’s not the case. In fact, it’s having the opposite effect. While encryption plays an important role in protecting data in transit, there are two downsides:
- False Security. Encryption is like the lock on an armored vehicle. The stronger the encryption, the harder the locks are to break. One of the most common encryption standards, for example, is AES (advanced encryption standard), and its largest key size is 256 bits. This means that the key (i.e. the thing that turns encrypted data into unencrypted data) is a string of 256 ones or zeroes. With each bit having two possibilities (1 or 0), there are 2256 possible combinations.
Those who like numbers enjoy calculating scenarios describing the difficulty of “breaking the lock” (also known as a brute force attack). This article from Reddit is just one example. The author poses the scenario of using a billion high-end computers, each capable of performing two billion calculations per second. Even with this much compute power, the author concludes it would take several billion years to break the encryption code. Referencing back to our earlier analogy, the armored vehicle is incredibly secure, but eventually that vehicle is going to stop at the bank and the drivers are going to open the doors, which is akin to data at rest. Today’s cybercriminals aren’t building faster supercomputers; they are following the armored vehicle and waiting for it to stop at the bank.
2. Less Visibility. One solution is to encrypt data at rest, also known as end-to-end encryption. But this has a drawback, too, because it lessens the effectiveness of some security products, such as full-packet capture tools, which rely on payload visibility. Encryption conceals the indicators of compromise used to identify and track malicious activity. Peer-to-peer applications like BitTorrent, for instance, have added increasing levels of encryption over the years, making it easier to bypass corporate firewalls. Such programs not only open companies up to liability concerns associated with pirating movies and other digital content, they are notorious for transporting malware. And, when malware programs are encrypted, they are much more difficult for traditional security programs to detect—until it’s too late.
Proper Encryption Management
To be clear, encrypting sensitive data is still a good practice, but IT solution providers need to adapt and equip themselves with the proper security tools to ensure complete protection. By gathering headers and other unencrypted parts of the data stream (i.e. metadata), security teams can analyze encrypted traffic more effectively. Additionally, running IP traffic flow software and performing metadata-based analyses is now essential for optimum data security.
Security teams must also monitor web traffic patterns to ensure that HTTPS requests aren’t coming from—or directed toward—suspicious locations. What’s even more essential is the need to look for encrypted traffic over a wide variety of ports because research indicates that malware is likely to initiate encrypted communications over the entire port spectrum.
IT solution providers can’t allow themselves to be duped into thinking that basic antivirus, firewall, and encryption solutions are enough to protect their customers from today’s sophisticated threats. The reality is that security is a never-ending battle that shows no signs of slowing down, and threats continue to grow in number and severity. Once these facts are realized and accepted, solution providers can employ advanced security solutions and new security strategies that will minimize their customers’ chances of becoming the next cyber-attack victim.