Every time you get on the internet, you are exposed to many forms of risk. Encrypted traffic is supposed to be secure, but what are the dangers of encrypted malware?
Hackers are constantly finding new ways to identify security flaws and exploit them, compromising your data or device. According to Cybersecurity Ventures, the effect of the financial market caused by cybercrime is expected to rise to 6 trillion dollars in 2021.
Most websites on the internet have resulted in encrypted connections to beef up their security. You’ve probably encountered it. For instance, when a site has a padlock icon at the top of the browser, it is a sign that the site’s communication is through an encrypted connection under a valid TLS/SSL certificate.
SSL encryption is key for any application or site to safely transfer sensitive information. This includes financial data, credit card numbers, and passwords. SSL certificates are also a great defense tactic to stop intruders on their tracks when trying to get wind of your internet activity.
However, most people have become too trusting whenever they spot the padlock icon assuming that they are safe from all kinds of attacks.
The truth is, bad guys have found ways around encryption. Cybercriminals and hackers have found ways to cover malicious code using SSL/HTTPS and in the process, send encrypted malware.
What is Encrypted Malware?
Encrypted malware is a program that can go around common security blockers and infiltrate corporate networks with the goal of acquiring data or setting a ransomware attack.
How are the hackers able to bypass security measures?
The most common IT security solutions nowadays involve combining firewalls and intrusion detection systems to comb through and analyze all of the incoming traffic to the local network. The notion is for the system to detect and stop cyberattacks and any hacking threats automatically before the users become vulnerable.
However, there is an in-built loophole in how these systems operate. These systems are made to scan network traffic in a bid to spot patterns that are related to malware or some malicious attacks. Even so, if the systems cannot decode the full body of every incoming network request, they become blind to a portion of the traffic.
For instance, when you download a PDF document from a website outside the network, your intrusion detection system or firewall can check through the packets of data that get into the local network. However, if the communication is taking place over an SSL connection, then the firewall/system is blind to the encryption and cannot detect what is inside the PDF document.
Businesses need to invest more in cybersecurity if they are to gain the confidence of clients. An Arcserve survey on consumers showed that 70 percent of consumers were not confident with how businesses were securing their personal information. This couldn’t be further from the truth. A report by Varonis discovered that only an average of 5 percent of companies’ folders is protected properly from cybersecurity risks.
Cybersecurity Ventures predicts that in 2021, there will be a ransomware attack every 11 seconds on businesses. Additionally, Arcserve projects damages caused by ransomware to reach 20 billion dollars in 2021. Even worse, the Arcserve report shows that 59 percent of buyers will not do business with companies that experienced a cyberattack in 2020.
Encrypted ransomware is a type of ransomware where complex and advanced encryption algorithms are leveraged by ransomware creators to encrypt all of the data saved on an infected device.
Ransomware creators in this case apply military-grade encryption algorithms that prevent you from decrypting the files on your own. The ransomware is even able to scramble all the file names, making it difficult for you to determine the affected files and those that are not affected.
In an encryption ransomware attack, the attacker tries to spot all kinds of potential vulnerabilities that they can identify in your computer’s security system. A ransom note is then shown on your computer screen after the attack is complete. The note has all the information you’ll need to regain the encrypted content. Usually, the creators of the ransomware will give the victims about 96 hours to pay the amount.
What are the Dangers of Encrypted Malware?
Some interesting statistics by Comparitech continue to show that many people are still prone to malware attacks. For example, 3.7 million malware attacks got sent via encrypted SSL/TSL traffic in 2019, a 27 percent increase from 2018. These encrypted channels make it difficult to detect and mitigate, thus the malware packages experience higher success rates.
Additionally, according to Mimecast, 51 percent of organizations encountered a ransomware attack that caused at least a temporary disruption of business operations.
With that said, let’s take a look at some of the dangers of encrypted malware:
- Loss of data
- Loss of profits in businesses especially during downtime
- Cost of having to replace compromised devices
- Reputation damage that may lead to loss of business
- Cost of recovery
- Having to invest in new security systems
- Illegal withdrawal of balance from bank accounts
- Unauthorized people getting access to valuable documents
Polymorphic Malware vs Encrypted Malware
A finding by Webroot shows that 93.6 percent of malware that was observed in 2019 was polymorphic. Polymorphic malware is a kind of malware that constantly alters its identifiable features so as to evade detection. The polymorphic techniques include changing file names and types or even encryption keys, ensuring the malware is unrecognizable to detection systems.
Many of the common kinds of malware can be polymorphic, such as keyloggers, bots, trojans, viruses, and worms.
Polymorphism is leveraged to avoid pattern-matching detection that is relied on by security solutions such as antivirus software. While some characteristics of this malware may change, its functional purpose remains undeterred.
Does this mean that polymorphic malware is impossible to detect? Not exactly.
Polymorphic malware can be spotted using 2 techniques. These are entry point algorithms and generic description technology. The entry point algorithm utilizes a special malware detection program to go through machine code at the point of entry of every file. The generic description technology, on the other hand, runs the file through a protected virtual computer.
In encrypted malware, the signature is hidden under a layer of encryption. Polymorphic malware, on the other hand, is an improvement over encrypted malware. Where encrypted malware is prone to signature scanning, malware writers began morphing the decryption code in polymorphic malware to avoid detection.
Can Encrypted Files be Hacked?
It would take 6.4 quadrillion years for current classical computers to decrypt your encrypted data. However, hackers still find ways to get hold of the original content. They often result in stealing encryption keys or intercepting data before it is encrypted or after it is decrypted. The most common way that encrypted data is hacked is by adding an encryption layer while using an attacker’s key.
Let’s take an in-depth look at some encryption mistakes that lead to data breaches
Handling key management poorly
Failing to handle key management in the right way, is the most common way that hackers get their hands on sensitive data regardless of it having been encrypted correctly. If hackers get hold of your encrypted data and the encryption key, your defense is gone. So what are some of the key management failures?
Keeping the key ‘under the mat’
So you’ve encrypted all your sensitive data and signed it properly. Where do you hide the encryption key? In the database? On the file system? In an app config file? All these are bad choices for storing your encryption key.
Failing to protect the key
Even if you hide the key in a separate place, your job is not cut out for you since hackers might get to it there too. You should encrypt the encryption key with another encryption key, preferably, a Key Encryption Key, that you’ll then have to store in a different location. To beef up your security even more, you can secure all your KEKs using a Master Encryption Key and a Master Signing Key.
Insecurely fetching the key
Despite having 3 layers of encryption protecting the data, you still have to transfer the key to the app securely. Ideally, this requires authentication between the key management server and your app, as well as delivering it over an encrypted connection, thus the fourth layer of encryption. Furthermore, there include performance considerations including caching the key securely in memory which can be troublesome. All these complexities are grounds for data hacks.
Same key for all data
Some people use the one encryption key to safeguard their sensitive data. This is the equivalent of using one key for your house, office, and your car, which is not usually the case. For this reason, you should split your data into several security partitions, each having its encryption key. This can be complex as it requires that you intelligently figure out the key you need to fetch each time you encrypt and decrypt data, but it is necessary.
Never altering the key
It’s common knowledge that it’s wise to change the locks occasionally on your doors, and the same principle applies to encryption. This is known as key rotation and it should not be overlooked. It entails maintaining several versions of every encryption key and matching it to its corresponding version of the encrypted data. In some cases, you need to move the existing data from an old key to the new key.
Expecting cloud providers to secure your data
With the rise in popularity in cloud computing, many server-side applications are migrating from server rooms to data centers. These centers are spread out across the globe and are under the management of companies like Google, Amazon, and Microsoft. These tech giants have pumped hundreds of millions of dollars into cybersecurity, to ensure that they are “THE” secure cloud.
This causes many organizations to assume that any data that is stored by these providers are safe. This is a very risky assumption.
While the physical infrastructure powering the cloud providers may be secure, and even some offering encryption options, still, they recommend that developers first encrypt their sensitive data before they send it to the cloud.
How to Protect Yourself or Your Business from Encrypted Malware
- You should be on the look for the padlock symbol on your browser to be sure that the site you are on has SSL encryption enabled. However, don’t just assume that this is enough since many suspicious websites also spoof their own sites with SSL certificates to seem legitimate.
- Every time you key in your personal information or perform a financial transaction, take some time to assess the platform you are using and if the URL in your browser, as well as any organization details found on the SSL certificate, corresponds to the organization.
- Hackers can still use advanced DNS spoofing to give seemingly correct URLs that in turn get user credentials. Using strong password managers will help protect you from this as they cross-reference URLs. Still, users need to be cautious when inputting login info.
- Opt to add a Virtual Private Network (VPN) to strengthen your online security. This service is growing in popularity among many internet users as it is easily available via subscription, and leverages different kinds of encryption apart from SSL to ensure your network is secure and anonymous during online sessions.
- Ensure that your organization has intrusion detection systems and firewalls that are correctly configured. Hackers never tire from spotting vulnerabilities in your system. This means that even after taking the right precautions, there is a chance that you might still be vulnerable to malware.
- Ensure that your organization is utilizing deep packet inspection and/or SSL inspection to weed out threats that may come through encrypted web traffic.
- Invest in proven anti-virus tools from credible sources, and always keep them up to date. While this might not be completely foolproof, there is no sure way, given the latest technology, to protect your network other than having anti-malware, anti-virus software, and a firewall manning your network.
- Embark on offline backups and online files. Companies are doubling up in a bid to safeguard their information. Firstly, they are storing large parts of their files in the cloud, ensuring that their physical devices will not be affected in the event of an infection. Secondly, they are storing secure backups offline, to prevent them from getting affected by an infection.
An analysis by CybSafe of data from the UK Information Commissioner’s Office discovered that 90 percent of the cybersecurity breaches in Britain were linked to human error. As such, other simple measures include advising employees not to click on links or download attachments that are from unknown sources. They should also be keen on the spelling of email addresses, and if there are inconsistencies, delete them immediately. They should also ignore and bin emails that have poor formatting and grammar.
Dangers of Encrypted Malware – The Bottom line
Encrypted traffic is very important in making networks secure while keeping information safe. Even so, it does not mean that it is totally safe from attacks, such as encrypted malware. This could result in huge financial losses and data breaches. For this reason, companies need to practice proactive precaution.
Consider Cybriant’s PREtect Service as an All-in-One Cybersecurity Solution for your organization. Learn more here.