Are security professionals ready for any type of attack?
A new survey from Venafi reveals that most IT security professionals acknowledge that they don’t know how to detect compromised cryptographic keys and digital certificates or recover from them quickly. With compromised keys and certificates, attackers can impersonate, surveil, and monitor their organisational targets, as well as decrypt traffic and impersonate websites, code, or administrators. Unsecured keys and certificates give attackers unrestricted access to the target’s networks and allow them to remain undetected for long periods of time with trusted status and access.
Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, had this to say on the topic:
“The results of this survey are very concerning when you look at the uptick of attacks on trust and all of the major SSL/TLS and SSH key and certificate-related vulnerabilities revealed in the past six months alone. From Heartbleed, ShellShock and POODLE, the GoGo man-in-the-middle attacks and Lenovo’s Superfish vulnerability to FREAK and now the more recent LogJam flaw, cybercriminals know unprotected keys and certificates are vulnerable and will use them to carry out their malicious website spoofing and man-in-the-middle attacks.”
Following a breach, over three-quarters (78 percent) of those surveyed would still only complete partial remediation that would leave them vulnerable to further attacks. They would conduct standard practices such as re-imaging servers, reviewing logs, removing malware, installing patches and changing user passwords. However, only 8 percent indicated they would fully remediate against a Sony-like attack by replacing potentially compromised keys and certificates to prevent further access.
Mr Bocek also noted:
“IT security professionals need to realize that keys and certificates establish trusted connections for virtually everything IP-enabled today. Just like the human immune system, when SSL/TLS and SSH keys are protected and used correctly, they identify webservers, software, mobile devices, applications and even security administrators as ‘self’ and trusted, and those that are misused should be identified as ‘other’ and replaced or blocked.” “But keys and certificates are often blindly trusted, so cyber criminals use them to hide in encrypted traffic, spoof websites, deploy malware, and steal data. Ultimately, if what our survey data says is true, and IT security professionals can’t secure and protect keys and certificates and respond more quickly to attacks that use them, online trust will continue to diminish with grave consequences, especially to the economy which relies so heavily on online trust for commerce and mission-critical business activities.”