In light of the news that Israeli-based security researchers have devised a way to steal encryption keys stored on a PC using an AM radio antenna, please find comment below from Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi.
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi
“Cybercriminals are always looking to attack businesses and governments with increased ferocity to steal intellectual property and other valuable data. Attackers have identified that cryptographic keys and digital certificates, both critical in the implementation of HTTPS and secure web browsing, provide the perfect recipe to gain trusted status in order to breach their targets and gain a long-term foothold to monitor and impersonate their targets. Data loss prevention, advanced threat detection solutions and next-generation firewalls cannot examine SSL/HTTPS encrypted traffic, which allows adversaries to steal information and exfiltrate date over extended periods without detection.
Security teams today have little to no ability to identify and fix key and certificate vulnerabilities, detect new anomalous activity, and respond and remediate quickly to cut off attackers. While the intentions for deployment of more encryption are good to help ensure the authenticity of websites, applications and devices, any effort to increase the use of encryption has significant gaps if not properly implemented with an immune system to protect the cryptographic keys and digital certificates. More encrypted traffic will require bad guys to use HTTPS and either forge or compromise certificates to mount effective attacks.
This means that enterprises must inspect inbound traffic for threats as they move toward 100 percent encryption. No traffic can go un-inspected because cybercriminals will hide there for months, even years, completely undetected. Second, all organisations must be prepared to detect the malicious use of forged, compromised, or fraudulent certificates across the Internet to stop spoofing and man-in-the-middle (MITM) attacks.
It provides a sobering wake-up call that they must 1) know where all their keys and certificates are installed; 2) have detailed information on each instrument, (including owner, in-use algorithm and key lengths, among others) and 3) have recovery plans in place to replace any key, certificate, or service that has been compromised and get it done within hours, not days or weeks. Ultimately, knowing what is in use on the network and being prepared with a rapid response is the best plan. It seems the foundational question is not if these vulnerabilities will be exploited because they will. The question becomes: how fast can organisations switch from a compromised key or certificate to one that is not compromised?”
[su_box title=”Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi” style=”noise” box_color=”#336588″]
Venafi is the market-leading cybersecurity company in Next Generation Trust Protection (NGTP). As a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures, and unplanned outages.[/su_box]
VP Security Strategy & Threat Intelligence
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.