Use and Misuse of Encryption
Updated: Jan 1
Cryptography secures information and communications using methods built from mathematical principles and a set of rule-based computations, known as algorithms, that convert messages into a form that is difficult to decode. These deterministic algorithms are used for cryptographic key generation, digital signing, and verification to safeguard data privacy, web browsing, and sensitive communications such as credit card transactions and email (Richards, 2021).
Encryption converts plain text (human and machine-readable) to ciphertext (unreadable). Keys are used to both encrypt and decrypt information. Without having the proper key, decrypting information is pretty much impossible. There are two main types of cryptography: symmetric key cryptography (secret key cryptography) and asymmetric key cryptography (public key cryptography).
Symmetric Key Cryptography
One key encrypts and decrypts data.
Faster and less resource intensive.
Hard to scale in large enterprise environments.
Only provides confidentiality.
Usually used to encrypt larger amounts of data, such as full disk encryption (FDE).
Asymmetric Key Cryptography
Two keys, a private key and a public key, are used to encrypt and decrypt data. Either key can be used to encrypt data, but the other key must be used to decrypt the data.
Slower and more resource intensive.
Easier to scale in large enterprise environments.
Can provide confidentiality, integrity, authenticity, and non-repudiation.
Usually used with emails and digital signatures and enables public key infrastructure (PKI).
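The properties in the two lists above, shown as an added example that is not part of the original article: one shared key both encrypts and decrypts, an unauthenticated symmetric cipher gives no sign when the ciphertext is altered, and with a key pair whatever one key does only the other undoes, which is what makes signatures possible. The keystream cipher and the textbook RSA over two small Mersenne primes are toy stand-ins chosen so the code runs on the standard library alone; every name and sample value is constructed.

```python
import hashlib
# Toy primitives built on the standard library; illustration only, not for real use.

def keystream(key: bytes, n: int) -> bytes:
    """Derive n keystream bytes from the shared key (SHA-256 in counter mode)."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def sym_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric: the same key and the same call both encrypt and decrypt."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

# Textbook RSA over two Mersenne primes (constructed, far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; (N, E) is the public key

def rsa_apply(value: int, exponent: int) -> int:
    """Asymmetric: whatever one exponent does, only the other one undoes."""
    return pow(value, exponent, N)

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    return rsa_apply(digest_int(message), D)               # private key signs
def verify(message: bytes, signature: int) -> bool:
    return rsa_apply(signature, E) == digest_int(message)  # public key verifies

def demo() -> dict:
    shared_key, order = b"constructed shared key", b"PAY 100 USD"
    ct = bytearray(sym_crypt(shared_key, order))
    ct[4] ^= ord("1") ^ ord("9")                 # ciphertext altered in transit
    altered = sym_crypt(shared_key, bytes(ct))   # decrypts without any error
    secret = int.from_bytes(b"k-0001", "big")    # constructed value, smaller than N
    sig = sign(order)
    return {
        "altered_plaintext": altered,
        "public_then_private": rsa_apply(rsa_apply(secret, E), D) == secret,
        "private_then_public": rsa_apply(rsa_apply(secret, D), E) == secret,
        "same_key_twice": rsa_apply(rsa_apply(secret, E), E) == secret,
        "signature_valid": verify(order, sig),
        "altered_accepted": verify(altered, sig),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The altered symmetric ciphertext decrypts to a different, plausible message with no error, while the signature made with the private key fails to verify against that altered message.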
Even though cryptography in its many forms helps us in many ways to strengthen our cybersecurity posture, attackers often employ the same technologies and techniques for their own purposes.
Encrypts victim assets, making them useless until a ransom is paid. Once paid, the attacker may (but does not always) provide the key to decrypt the data.
Prevent attackers from installing malware on systems to thwart ransomware.
Having backups (not connected to the internet) will help you recover from a ransomware attack without paying the ransom. Just make sure your backup policy is good enough not to lose too much progress on whatever your organization works on.
The preferred method of payment by attackers in ransomware attacks.
Utilizes encryption to enable anonymous, secure, and "trustless" transactions (Coinbase, n.d.).
Transactions are not impossible to trace, but tracing them is very difficult, especially if the cybercriminal knows what they are doing (they usually do).
There is no way to prevent attackers from utilizing cryptocurrency.
Just as we use cryptography, cybercriminals use the same techniques to secure their communications and data to hide their illegal activities.
Attackers utilize encrypted methods to deliver the exploit payload or malware payload to the end user (Desai, 2019).
Many cryptographic algorithms are freely available for anyone to use. Attackers can even design and use proprietary cryptographic algorithms to provide an extra layer of secrecy.
There is no way to prevent attackers from using cryptography to secure their communications and data.
Coinbase. (n.d.). What is cryptography? Retrieved July 3, 2022, from https://www.coinbase.com/learn/crypto-basics/what-is-cryptography
Desai, D. (2019, March 26). Cybercriminals are increasingly using encryption to conceal and launch attacks. Help Net Security. https://www.helpnetsecurity.com/2019/03/26/using-encryption-to-conceal-and-launch-attacks/
Richards, K. (2021, September 27). What is cryptography? SearchSecurity. https://www.techtarget.com/searchsecurity/definition/cryptography