Sometimes It Feels Like Only Cyber Criminals Know How To Use Encryption Properly

Day by day, we see poor implementations of encryption by companies, where sensitive information such as passwords and credit card details is not properly encrypted. The term “partially encrypted” has even been used to report on the Talk Talk and Equifax data breaches, and what that actually means is beyond me.

Encryption is increasingly used by cyber criminals both to obfuscate their activities and to lock down data (such as with ransomware). Within the BA hack, we saw cyber criminals setting up an encrypted tunnel and avoiding detection from network scanners.

Sometimes, too, it seems that cyber criminals understand how to use encryption, while its implementation across the industry is often poor.

Increasingly we must encrypt data at its source — and use end-to-end encryption — and not rely on network tunnels to protect it. Unfortunately, few developers implement any encryption within the browser, and we are increasingly faced with browser hijacks, such as in the BA and Ticketmaster hacks.
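As an added example (not code from the original article), this is one way to encrypt form fields in the browser before they leave the page, using the Web Crypto API: an AES-GCM key protects the payload and is wrapped under the recipient's RSA-OAEP public key. The function names, the envelope layout and the card data are assumptions constructed for illustration.

```javascript
// Added example: hybrid field encryption at the source with the Web Crypto API.
// Names, envelope layout and card data are hypothetical / constructed.
async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Browser side: only the public key is present in the page.
async function encryptAtSource(publicKey, fields) {
  const wc = await getCrypto();
  // Fresh AES-256-GCM key and 96-bit IV per submission, so an IV never repeats under a key.
  const aesKey = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const plaintext = new TextEncoder().encode(JSON.stringify(fields));
  const ciphertext = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, aesKey, plaintext);
  // Wrap the AES key so only the private-key holder can recover it.
  const wrappedKey = await wc.subtle.wrapKey('raw', aesKey, publicKey, { name: 'RSA-OAEP' });
  return { wrappedKey: toB64(wrappedKey), iv: toB64(iv), ciphertext: toB64(ciphertext) };
}

// Backend side: the service that holds the private key, behind the web tier.
async function decryptAtBackend(privateKey, envelope) {
  const wc = await getCrypto();
  const aesKey = await wc.subtle.unwrapKey('raw', fromB64(envelope.wrappedKey), privateKey,
    { name: 'RSA-OAEP' }, { name: 'AES-GCM' }, false, ['decrypt']);
  // GCM verifies the tag here; a modified envelope rejects instead of decrypting.
  const plaintext = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: fromB64(envelope.iv) }, aesKey, fromB64(envelope.ciphertext));
  return JSON.parse(new TextDecoder().decode(plaintext));
}

async function demo() {
  const wc = await getCrypto();
  // Key pair generated inline for the demo; in practice the page imports a published public key.
  const { publicKey, privateKey } = await wc.subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false, ['wrapKey', 'unwrapKey']);
  const fields = { pan: '4111111111111111', expiry: '12/30' }; // constructed test data
  const envelope = await encryptAtSource(publicKey, fields);
  const recovered = await decryptAtBackend(privateKey, envelope);
  return { envelope, recovered, privateKey };
}

demo().then(({ envelope }) => console.log(envelope));
```

This keeps the fields opaque to every hop after the browser (TLS terminators, proxies, logs); it does not protect against a script already running in the page, which can read the form before encryption.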

One way that an intruder can get past the email scanner is to encrypt the contents of the email. The following shows an encrypted email using JavaScript:


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice