The internet revolution is in full swing. Unfortunately, cybercrime is also evolving at an astonishing pace. More and more cryptographic key attacks, especially ones exploiting SSH/TLS keys, are being reported lately. These kinds of vulnerabilities are most commonly found in WordPress-powered websites today. Let’s dive into it.
Cryptographic solutions are used to encrypt data transmission over wireless or wired protocols. Unfortunately, these techniques are proving to be vulnerable to malicious cyberattacks, via which data can be stolen or manipulated. A cryptographic attack is a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme.
Also known as cryptanalysis, this technique is used to breach cryptographic security systems and gain access to sensitive data, even if the cryptographic key is unknown. In addition to the mathematical analysis of cryptographic algorithms, cryptanalysis includes the study of side-channel attacks, which do not target weaknesses in the cryptographic algorithms themselves but instead exploit weaknesses in their implementation.
SSH (Secure Shell) is a secure way to connect to servers and communicate with them. You can use it to get a terminal on a remote server and enter commands. In the WordPress world, SSH is most commonly used for SFTP (SSH File Transfer Protocol, often called secure FTP). There are two common ways to sign in to a server when using SSH or SFTP: you can use a username and password, or you can use “key-based” authentication.
When using key-based authentication, you create a public and private key. You place the public key on the server you want to sign in to. You keep the private key saved in a local SSH configuration directory. When you fire up your SFTP client, it authenticates using key-based authentication. If your private SSH key gets compromised, hackers can use it to sign in to any server where you have set up key-based authentication.
As a cryptographic network protocol, SSH is most often used for secure logins to remote computer systems. Successful theft of a private key gives the hacker access to any server or system where that private key is used for authentication. This risk is not limited to WordPress: Linux and Unix systems and embedded devices also rely heavily on SSH for secure logins and connections.
SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites. They search for terms such as “root,” “ssh,” or “id_rsa” in hopes of finding web directories containing private SSH keys, most likely stored in public directories by mistake. More often than not, admins lose track of SSH keys and host both the public and private keys online.
For starters, you can protect your private SSH keys with a password (a passphrase). You get this option when you initially generate the keys. Password-protected SSH private keys can’t be used by attackers unless they can guess the password. However, most users opt not to protect their SSH keys with a password, because typing the password every time they want to authenticate to a remote server is viewed as an inconvenience.
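As an added example (not code from the original article), here is a defender-side audit that walks a web root the way the scanners described above do, flags every private key file left under it, and reports whether each one is passphrase-protected by reading the cipher name in the openssh-key-v1 header or the legacy PEM DEK-Info marker. The directory layout, file names and key blobs are constructed for the demo and contain no real key material.

```python
import base64, os, pathlib, re, struct, tempfile

def openssh_cipher(blob):
    """Cipher name from an openssh-key-v1 blob; 'none' means the key has no passphrase."""
    if not blob.startswith(b"openssh-key-v1\x00"):
        raise ValueError("not an openssh-key-v1 blob")
    length = struct.unpack(">I", blob[15:19])[0]  # 15-byte magic, then a length-prefixed string
    return blob[19:19 + length].decode()

def classify_private_key(text):
    """None if text is not a private key, else 'encrypted' or 'unencrypted'."""
    match = re.search(r"-----BEGIN ([A-Z ]*?)PRIVATE KEY-----", text)
    if not match:
        return None
    label = match.group(1).strip()
    if label == "OPENSSH":  # first 64 base64 chars (48 bytes) already hold magic + cipher name
        body = "".join(line for line in text.splitlines() if not line.startswith("-----"))
        return "unencrypted" if openssh_cipher(base64.b64decode(body[:64])) == "none" else "encrypted"
    # PKCS#8 "ENCRYPTED PRIVATE KEY" or a legacy PEM DEK-Info header both signal a passphrase
    return "encrypted" if label == "ENCRYPTED" or "DEK-Info:" in text else "unencrypted"

def find_exposed_keys(webroot):
    """Walk a web root; list every private key found and whether it is passphrase-protected."""
    findings = []
    for dirpath, _, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # 8 KiB is more than any real SSH key header needs
                    status = classify_private_key(fh.read(8192).decode("utf-8", "replace"))
            except OSError:
                continue
            if status:
                findings.append((os.path.relpath(path, webroot), status))
    return sorted(findings)

def fake_openssh_key(cipher, kdf):
    """CONSTRUCTED openssh-key-v1 header with no real key material, for the demo only."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = b"openssh-key-v1\x00" + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % base64.b64encode(blob).decode()

def demo():
    """Constructed WordPress-style tree with two keys mistakenly left under the web root."""
    root = tempfile.mkdtemp()
    for rel, cipher, kdf in [("wp-content/uploads/id_rsa", b"none", b"none"),
                             ("backup/id_ed25519", b"aes256-ctr", b"bcrypt")]:
        pathlib.Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        pathlib.Path(root, rel).write_text(fake_openssh_key(cipher, kdf))
    return find_exposed_keys(root)
```

Running `find_exposed_keys("/var/www")` on a real host lists every key that a web scanner could fetch; an `unencrypted` entry should be revoked from every `authorized_keys` it appears in, not just deleted.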
Unfortunately, despite the exponential rise in cybercrime incidents involving SSH keys, companies are still not adopting a proactive approach. Good SSH security practices are seldom followed. Unlike digital certificates, which eventually expire, SSH keys have no expiration date, and their passwords are seldom changed. A sound mapping and management strategy is necessary to steer clear of danger.
With advanced systems like Venafi, you can continuously apply controls that secure privileged access across the global extended enterprise, automating the entire SSH key lifecycle from issuance to decommissioning. With complete, enterprise-wide visibility into SSH key inventories, you can map trust relationships between hosts and users. Monitoring and detecting malicious behavior becomes much easier.
Gain centralized visibility into all SSH keys and lower security risk exposure by identifying all SSH keys that are not compliant in your ecosystem. Stay safe!