What is a cryptographic attack? What role do they play in today's cyber landscape?
In today's blog, our ethical hackers expand on our original breakdown of cryptography attacks to delve further into how organizations like yours can (and should) be shielding against them.
Let's get started:
Before we answer the question of, "What is a cryptographic attack?" we first have to delve into what exactly cryptography is.
Cryptography is defined as a security mechanism for storing and transmitting sensitive data such that only the sender and the intended receiver can read or understand it. A key (or multiple keys) is used to encode data (at the sender's end) and decode data (at the receiver's end).
As a crucial part of cryptography, encryption is converting plaintext or data into ciphertext or encoded data (as in, data that is not readable to everyone). As the final component of cryptography, converting the ciphertext or encrypted data to a readable form or decoded version is called "decryption."
The word "cryptography" is derived from the Greek word kryptos. The prefix, "crypt-", roughly translates to "hidden" in English, and the suffix "-graphy", is translated to "writing."
The origin of the first definition of cryptography is dated from approximately 2000 B.C., where it first appeared as hieroglyphics. From there, the first public usage of a modern cipher was by Julius Caesar, who reportedly crafted a system in which each character in his messages to other authority figures was replaced by a character three positions ahead of it in the Roman alphabet.
Flash forward to today: now, cryptography has evolved as a way to virtually store and transfer sensitive information.
Single-key (or symmetric-key) encryption algorithms rely on one hidden key, which the sender or creator uses to encrypt data and the receiver uses to decipher it. Many of them are "block ciphers", which operate on a set length of bits at a time.
A recent example of symmetric-key cryptography is the Advanced Encryption Standard. The AES specification was established in 2001 by the National Institute of Standards and Technology (NIST) as a Federal Information Processing Standard (FIPS 197) to safeguard sensitive data. The United States government mandates the standard and it is commonly used in the private sector.
Public-key or asymmetric-key encryption algorithms, on the other hand, use a pair of keys: a public key, associated with the sender or creator, that is used for encrypting messages, and a private key, known only to the originator, that is used to decrypt said information.
Examples of public-key cryptography include:
RSA, which is used widely on the internet
The Elliptic Curve Digital Signature Algorithm (ECDSA), which is used by Bitcoin
And the Digital Signature Algorithm (DSA), which has been adopted as a Federal Information Processing Standard for digital signatures by NIST in FIPS 186-4
To maintain data integrity in cryptography, hash functions are used: a hash function returns a deterministic output from an input value and maps data to a fixed data size. Types of cryptographic hash functions include Secure Hash Algorithm 1, Secure Hash Algorithm 2, and Secure Hash Algorithm 3.
Modern cryptography concerns itself with the following four objectives:
Confidentiality: The information cannot be understood by anyone except for whom it was intended
Integrity: The information cannot be altered in either storage or transit between the sender and the intended recipient without the alteration being detected
Non-repudiation: Either the creator or the sender of the information cannot deny at a later stage their intentions in the creation or transmission of the info
Authentication: Both the sender and recipient can confirm each other's identity, the origin of the info, and the destination of the info as-needed
These are especially critical to understand in relation to a cryptographic attack, as the defensive protocols that meet some or all of the above criteria are known as cryptosystems.
Cryptosystems utilize a set of procedures known as cryptographic algorithms in order to encrypt and decrypt messages to secure communications among computer systems, devices, and apps.
A cipher suite uses one algorithm for encryption, another algorithm for message authentication, and another for key exchange. This process, embedded in protocols and written in software that runs on operating systems (OSes) and networked computer systems, involves a combination of the following:
Public and private key generation for data encryption/decryption
Digital signing and verification for message authentication
Key exchange
Now that we've outlined cryptography, it's time to move on to the core question "What is a cryptographic attack?"
A cryptographic attack permits threat actors to bypass the security of a cryptographic system by finding weaknesses in its code, cipher, cryptographic protocol, or key management scheme. This circumvention is also called “cryptanalysis.”
As such, cryptographic attacks target cryptographic or cipher systems that conceal data so that only a few people can view it. Depending on the type of cryptographic system in place and the information available to the attacker, these attacks can be broadly classified into six types:
Brute force attacks: In a brute force attack, the threat actor in question will attempt a variety of keys in order to decipher an encrypted message or data. If the key size is 8-bit, the possible keys will be 256 (i.e., 2^8). In order for this to be successful, the threat actor must know the algorithm (generally found as open-source programs) to try all the 256 possible keys in this attack technique
Ciphertext-only attack: In this attack vector, the threat actor will gain access to a collection of ciphertext. Although the threat actor can't access the plaintext directly, they can successfully determine it from the collection. This vector is generally less effective than its brute-force counterpart
Chosen plaintext attack: Via a chosen plaintext attack, a threat actor can select plaintext data to obtain the ciphertext, which in turn simplifies their task of resolving the encryption key
Chosen ciphertext attack: In this method, the threat actor will attempt to obtain a secret key or the details about the system. By analyzing the chosen ciphertext and relating it to the plaintext, the threat actor will try to guess the key
Known plaintext attack: This technique can occur when a threat actor already knows the plaintext of some portions of the ciphertext using information-gathering techniques
Dual key and algorithm attack: The threat actor will attempt to recover the key used to encrypt or decrypt the data by analyzing the cryptographic algorithm
Alongside these six main types of cryptographic attacks, a cryptography attack can be either passive or active.
What do we mean by that? Well:
Passive attacks: Passive cryptography attacks are launched with the intent to gather unauthorized access to sensitive data or information by intercepting or eavesdropping on general communication. In this situation, the data and the communication remain intact and are not tampered with
Active attacks: As a direct comparison, active cryptography attacks hinge on the modification of the data or the communication. In this case, the attacker not only gains access to the data but also tampers with it
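The integrity objective and the active-attack case above can be seen side by side in a short added example (not code from the original article): an unkeyed hash sent with a message does not reveal tampering, because whoever alters the message can recompute the hash, while a keyed HMAC does. The key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; the key stands in for a secret shared out of band.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
MESSAGE = b"transfer 100 USD to account 4471"


def protect_with_hash(message):
    """Sender attaches an unkeyed SHA-256 digest."""
    return message, hashlib.sha256(message).hexdigest()


def protect_with_hmac(message, key):
    """Sender attaches an HMAC-SHA-256 tag computed with the shared key."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hash(message, digest):
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def verify_hmac(message, tag, key):
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def modify_in_transit(message, check_value):
    """Models the active attack: the message is altered and, with no key
    available, the old check value is replaced by a fresh unkeyed digest."""
    altered = message.replace(b"100", b"900")
    return altered, hashlib.sha256(altered).hexdigest()


def run_demo():
    results = {}
    msg, digest = protect_with_hash(MESSAGE)
    results["hash_untouched"] = verify_hash(msg, digest)
    results["hash_after_tamper"] = verify_hash(*modify_in_transit(msg, digest))
    msg, tag = protect_with_hmac(MESSAGE, SHARED_KEY)
    results["hmac_untouched"] = verify_hmac(msg, tag, SHARED_KEY)
    altered, forged = modify_in_transit(msg, tag)
    results["hmac_after_tamper"] = verify_hmac(altered, forged, SHARED_KEY)
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: accepted={accepted}")
```

The receiver accepts the altered message in the hash-only case and rejects it in the HMAC case, which is why integrity checks on data in transit need a key or a signature.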
When it comes to knowing what a cryptographic attack is, it can be helpful to examine examples.
One that comes to mind for many is the "Ultimate Man-in-the-Middle Attack", which used an elaborate spoofing campaign to trick a Chinese venture capital firm and steal from an Israeli startup, which earned the threat actors US$1 million in 2019.
More recently, in 2021, hundreds of enterprises across both the United States and Europe were successfully targeted by a cloud-based brute-force campaign that exploited known vulnerabilities in Microsoft Exchange to enable remote code execution.
To safeguard your organization from sophisticated cryptographic attacks, it is essential to have a strong cryptographic system in place.
Here are our team's suggested actionable ways you can start doing this today:
Regularly have your IT team update the cryptographic algorithms and protocols to ensure they are not obsolete
Guarantee that data is appropriately encrypted so that even if it falls into the wrong hands, it cannot be read or easily tampered with
Use unique keys for encryption
Store all keys in a secure location
Ensure that the cryptographic system is implemented correctly and follows best practices
Regularly test your system for vulnerabilities
Educate employees about cryptographic attacks and how to prevent them via ongoing Employee Awareness Training
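As an added example (not part of the original article), the first recommendation can be checked mechanically: the sketch below splits IANA-style TLS cipher suite names into the key exchange, authentication and encryption parts described earlier, and flags suites that contain obsolete components. The list of obsolete tokens and the sample inventory are assumptions made for illustration.

```python
# Tokens this example treats as obsolete; an assumption for illustration,
# not an exhaustive policy.
OBSOLETE_TOKENS = {"NULL", "EXPORT", "anon", "RC4", "DES", "DES40", "3DES", "MD5"}

# Constructed sample inventory, e.g. collected from server configurations.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_AES_256_GCM_SHA384",
]


def parse_suite(name):
    """Split a suite name into its component algorithms."""
    body = name[4:] if name.startswith("TLS_") else name
    if "_WITH_" not in body:
        # TLS 1.3 names carry only the cipher and hash; key exchange and
        # authentication are negotiated separately.
        cipher, _, digest = body.rpartition("_")
        return {"key_exchange": None, "authentication": None,
                "encryption": cipher, "hash": digest}
    left, right = body.split("_WITH_", 1)
    key_exchange, _, auth = left.partition("_")
    # The trailing hash is the HMAC hash for CBC suites and the PRF hash
    # for AEAD (GCM) suites.
    cipher, _, digest = right.rpartition("_")
    return {"key_exchange": key_exchange, "authentication": auth or key_exchange,
            "encryption": cipher, "hash": digest}


def obsolete_parts(name):
    """Return the obsolete tokens found in one suite name, sorted."""
    return sorted(set(name.split("_")) & OBSOLETE_TOKENS)


def audit(suites):
    """Map each suite that needs replacing to the reasons it was flagged."""
    return {name: obsolete_parts(name) for name in suites if obsolete_parts(name)}


if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE_SUITES).items():
        print(f"{suite}: obsolete components {reasons}")
```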
"What is a cryptographic attack?" is a question we field frequently here at Packetlabs.
Looking to learn more about how to bolster your security posture ahead of the next attempted cyber breach? Contact us or download our Buyer's Guide today.