There’s one thing that is very hard to refute these days: when cybercriminals want to access a protected system, stopping them is going to be, if not impossible, at least very, very tricky. The fact is that it doesn’t matter what kind of company or organization you have, or how big it is: merely existing can be enough to turn it into a target.
Because cybercrime isn’t just about getting access to an IT system to steal information or money; it goes much further than that. At times, simply destabilizing a public or private organization is reward enough to make the target seem worthwhile, and to encourage criminals to do their utmost to exploit vulnerabilities in an organization’s cybersecurity.
We’ve seen it many times. But the most symptomatic example, because of its global scope and relevance, was the 2016 US presidential election, where we saw interference from organized groups of cybercriminals, likely from Russia.
How the US elections were interfered with
So how could a country as powerful as the United States fall prey to this kind of interference? How were the majority of these cyberattacks carried out? We can answer several of these questions thanks to Special Counsel Robert Mueller, who, in a comprehensive report, provides highly relevant data.
According to the Mueller Report, the Russian plot kept its activity in the elections from being tracked by employing a wide range of IT techniques to hide its tracks. Two techniques are particularly revealing:
1.- End-to-end encryption. In their communications, the cybercriminals used instant messaging programs whose communications were encrypted end-to-end. This gave them a significant advantage: although the American forces managed to get a rough idea of what was going on, they would never be able to decrypt their communications. This was a real problem when it came to the FBI finding out the details of their operations.
2.- Cryptocurrencies. The communications left no trace. But what about the money? In order to avoid being discovered or tracked, the cybercriminals always made payments with cryptocurrencies, via blockchain protocols. The aim was to never be identified while carrying out these transactions. Here, however, they weren’t so lucky: the FBI managed to track the movements of these cybercriminals via email addresses and the Bitcoin wallets associated with those addresses.
Is any encryption infallible?
This fact poses a vital question: are blockchain and end-to-end encryption completely untraceable? Do they really offer complete security and anonymity? The answer isn’t quite as simple as it may seem.
To begin with, blockchain is based on several anonymous but traceable protocols. In the middle of 2018, the company Chainalysis managed to follow the trail of criminal movements made via blockchain, and link them to their true identities. CipherTrace managed to do the same by inserting malware into several transactions, while other companies use the so-called Taintchain algorithm to do the same.
For its part, end-to-end encryption is the best way to keep communications between two points private, but it can also be vulnerable. Iván Barrera demonstrated as much in 2018, when he broke the encryption of Signal without having to break its cryptography: compromising the HTML code was enough. What’s more, if an encrypted communication service stores messages on its servers, those stored messages are no longer protected by the end-to-end encryption.
Encrypted traffic can also be abused by encrypted malware, which exploits the nature of these communications in order to avoid being traced. In fact, it is estimated that this year half of cyberattacks using malware will make use of encryption. This could cause serious corporate cybersecurity crises in any kind of company.
To avoid similar situations, Panda Adaptive Defense automatically monitors all the activity that is happening on an organization’s IT system in real time. This way, the solution manages to predict possible alerts before they can become a security risk, minimizing or even eliminating damages.
End-to-end encryption is still the best way to secure all kinds of communications, but it is not enough on its own. Therefore, in order to avoid possible problems, it is vital to constantly monitor all activity on the organization’s IT systems, and to be proactive in preventing any vulnerability before it can be exploited.