Encrypted data is not the security panacea that it is popularly believed to be, according to Ed Skoudis, a founder of InGuardians and its senior security consultant.
It is no secret that encrypted data is revealed as plain text at various stages of its lifecycle and especially when it is called into an application. Hackers are now capable of accessing the data and stealing it through a process known as “pervasive memory scraping”, he said.
Speaking at the conference with Rohit Dhamankar, director of security research at TippingPoint and Johannes Ullrich, chief research officer at SANS Institute, Skoudis explained that an increasing number of incidents where pervasive memory scraping has been used have come to light recently. Hackers have successfully stolen “encrypted” data such as personally identifiable information (PII).
This is partly due to the ready availability of penetration testing toolkits like Metasploit which is supplied by Rapid7 as a security enhancement but widely used as a hacking tool. “Attackers know that data is usually decrypted for processing and they are therefore targeting and capturing it while available in clear text in memory using the memory scraping functionality of Metasploit’s Meterpreter,” he said.
Companies that use end-to-end encryption can get careless because they feel that they are secure. This allows the hacker, who is constantly looking for weak spots, to gain control of systems and probe around.
Skoudis said, “When the data is decrypted, attackers go into memory and grab the crypto key. Ths allows them to start fetching the PII itself from memory.”
The best protection against such attacks is to ensure that the host is surrounded by strong security and administrative privileges cannot be accessed in the first place, he advised.
Skoudis said the warning signs that such an attack has been initiated is often when personal information has been leaked. He warned that data leakage prevention is only effective where the leak is accidental and that it is no defence against a determined attack .
Most people in the United States view TikTok as a Chinese influence tool a poll…
UK regulator confirms it is investigating whether OnlyFans is doing enough to prevent children accessing…
Dismissed staff file complaint with a US labor board, and allege Google unlawfully terminated their…
Elon Musk dismisses two senior Tesla executives, plus the entire division that runs Tesla's Supercharger…
Eight newspaper publishers in the US allege Microsoft and OpenAI used their millions of their…
US judge sentences Binance founder, Changpeng Zhao, to four months in prison for ignoring money…