It’s always hard to calculate the exact impact of a breach. But in the latest Yahoo breach there are a billion ways to measure loss of customer confidence. If that isn’t serious enough, the breach could have a measurable impact on Verizon’s $4.8 billion acquisition plans for Yahoo.
Venafi VP of security strategy Kevin Bocek thinks it’s very likely that poorly protected encryption was used to exfiltrate Yahoo’s data, because such massive amounts of data were involved. “Yahoo has suffered two breaches that together impacted 1.5 billion users—it seems very likely that the data was encrypted during exfiltration and that’s how the attackers managed to move such a massive amount of data while staying under the radar of Yahoo security tools.” He continues, “It’s nearly impossible for any organization to detect unauthorized, encrypted traffic coming in or out of their network unless they have strong cryptography practices.”
In September, right after Yahoo disclosed their 2014 breach that allowed data from 500 million Yahoo users to be exfiltrated, Venafi Labs took an in-depth look at externally facing Yahoo web properties and the details of how these sites were using cryptography. As outlined in a previous blog, we found the encryption practices on these properties to be relatively weak.
Here’s what our cryptographic security researchers found:
It’s also entirely possible that the attackers who perpetrated the 2013 breach retained access to the Yahoo network and attacked again in 2014. Our research indicates that it would be very difficult for Yahoo to detect abuse of the assets that secure their encryption. This doesn’t surprise Bocek, who sees this as a relatively common problem. “We find many large organizations with deep investments in security technology don’t have adequate visibility or controls around the encryption they rely on to protect critical data.”
How well have you secured your encryption assets?