Unless they have strong cryptography practices, it’s nearly impossible for organizations to detect unauthorized, encrypted traffic coming in or out of their network. It’s also entirely possible that the attackers that perpetrated the 2013 breach retained access to the Yahoo! network and attacked again in 2014.
Kevin Bocek, chief security strategist for Venafi, discussed the expanded Yahoo! data breach with Sky News. Watch the video below to hear his thoughts on the attack and how organizations should handle encryption in the future.