Johannesburg, 21 Sep 2020
In March 2017, employees of the City of Atlanta in the US found themselves under attack. The attack resulted in 13 government departments being compromised, including the police department.
How did this serious and costly data breach occur? It started with one user, an employee of the city. While communicating with external vendors via e-mail, the employee unknowingly opened a malicious attachment that had been sent by one of the vendors.
This compromised the employee’s user authentication credentials, giving the hacker access to the entire Atlanta network infrastructure. The hacker then installed software that allowed them to monitor and manage each department’s systems and machines.
Once this malware had been installed, they were able to run password attacks against each component as it spread throughout the internal infrastructure – granting them ownership of the entire system.
The hackers demanded an initial Bitcoin ransom of $50 000, which was soon upped to $2.6 million to get all systems back online, following a crippling five-day outage.
How this could have been avoided
Joe Venter, Pre-Sales Consultant for CyberTech, a division of Altron, says unsurprisingly, there are many similar, high-profile cases where compromised user credentials were used to infiltrate a system.
“The 2017 Atlanta ransomware attack is a perfect example to illustrate a situation where everything that could go wrong, went wrong. If security solutions driven by public key infrastructure (PKI) were in place, a scenario like this could have been avoided.”
PKI-based digital identity is the strongest form of user authentication that can be applied; it is linked to a private key which can’t be copied or cloned, and a unique authentication that can’t be replaced. Globally, it’s considered the ‘gold standard' in data protection.
PKI based solutions allow one to create a private key. From this private key, you would be able to derive a public key, which will be communicated in public, but its origins can be traced back to the original private key with absolute authority. To ensure protection, all users authorised to operate on the city’s internal infrastructure should have been enrolled through PKI-based solutions.
Global data indicates that enterprise organisations have multiple PKI solutions or infrastructures enrolled within their organisations. The root of trust for all PKIs is established when an organisation’s master keys are generated and protected in a hardware security module (HSM) – a physical computing device that safeguards and manages digital keys.
Venter says: “The purpose of a PKI is to securely associate a key with an entity. A digital certificate created through PKI links an entity to digital keys, which in turn confirms that the entity is a trusted source, thereby creating confidence between trusted entities. These keys are considered superior within the cyber security space because they are revocable, meaning that access can be cut off once a suspicious activity is detected.
“In the case of the Atlanta attack, the harmful e-mail attachment sent to the compromised user would have gone through various PKI cryptographic security measures to verify whether the entity could be trusted.”
In the unlikely event that malware would be able to bypass the initial screening and certification measures of PKI, the hacker would not be able to access other parts of the internal infrastructure without a “digital key”, as they had been able to do in Atlanta using compromised password credentials.
PKI closer to home
Looking at the future, it is important to note that while PKIs were initially focused on end-user identities, digital documents and transactional signatures, they are now supporting an increasing number of connected devices as part of the Internet of things (IOT).
CyberTech is a verified reseller of Crypto hardware that not only strengthens the security when it comes to PKI-based solutions, but also provides a secure key management framework for your PKI keys. “As proven by the Atlanta ransomware use case, PKI and stringent cryptographic certification measures are a key component to protecting businesses from credentials being breached and their networks being infiltrated,” Venter says.
“Our market-leading Crypto hardware solutions and services allow organisations to keep pace with innovation while protecting their business’s critical assets from harmful security breaches.”
Share