Passive Network Tapping is Making a Comeback!

Passive Network Tapping

For the past few decades, every CISO and cybersecurity leader has known that encryption provides the fundamental defense layer for data and network traffic. The notion of network encryption (also known as ‘data encryption in transit’) is considered an integral part of an organization’s ‘security hygiene’. The most popular series of cybersecurity conferences worldwide, the RSA, is named after the RSA public-key encryption technology developed back in 1982. The most popular network encryption – AES – has become a must-have standard for every type of organization. Indeed, as the bulk of an organization’s network traffic is now encrypted with either AES or RSA, the common attack vector of network tapping has vanished and no longer requires mitigation planning and compensating controls from security leaders.

However, the ever-evolving landscape of technology could significantly alter the current approach of protecting the network with an encryption defense layer. The development of quantum computers powerful enough to break popular encryption technologies, along with the recent rise of cybercrime-as-a-service (CaaS) propelled by state-sponsored endorsements, may emerge as a major paradigm shift in how cybersecurity leaders view and use network encryption.

Due to their superior processing capabilities, quantum computers pose a serious threat to current encryption methods. This powerful computational paradigm, capable of processing data at unprecedented speeds, is projected to bring transformative advancements across multiple industries. Particularly in cybersecurity, the impact could be profound and potentially breathe new life into the cyber-attack practices that leverage older, dormant passive network tapping.

For example, the RSA encryption algorithm (currently considered highly secure) is based on the difficulty of factoring large numbers. A quantum computer could potentially break these encryption methods by using Shor’s algorithm, which can factor large numbers exponentially faster than a classical computer. By comparison, a classical computer would need longer than the age of the universe to achieve the same. Indeed, in December, a team of Chinese scientists published a paper [2] that claimed it had a quantum algorithm that could break RSA with a 372-qubit quantum computer (a few commercial organizations already have this computing power [1]) in a matter of hours. Looking at the growth trajectory of quantum computing, it is reasonable to foresee that in a matter of a few years, a significant number of the encryption protocols used today could be vulnerable to quantum-based attacks.
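To make the argument above concrete, here is an added toy example (not code from the original article) showing why factoring the modulus is equivalent to recovering the RSA private key, and therefore why ciphertext captured by a passive tap today is only as safe as the factoring problem. The primes, plaintext and modulus size are constructed toy values; real keys use 2048-bit moduli, where the trial-division step below is infeasible and only Shor’s algorithm on a quantum computer would do it efficiently. Assumes Python 3.8 or newer for `pow(e, -1, phi)`.

```python
from math import isqrt

# Added toy example (not from the article): RSA security reduces to the
# difficulty of factoring n = p * q. The primes below are constructed,
# toy-sized values; real keys use 2048-bit moduli, for which trial division
# is hopeless and only a quantum computer running Shor's algorithm would
# recover p and q efficiently.

def keygen(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (no padding, demo only)."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient; needs p and q to compute
    d = pow(e, -1, phi)              # private exponent: modular inverse of e
    return (n, e), d

def encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)

def decrypt(c, n, d):
    return pow(c, d, n)

def factor_trial(n):
    """Classical factoring by trial division: cost grows exponentially in the
    bit length of n. This is the step a quantum attacker replaces with Shor."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("n has no non-trivial factor")

def recover_private_key(pub, p, q):
    """Once p and q are known, the private exponent follows immediately."""
    n, e = pub
    if p * q != n:
        raise ValueError("wrong factors for this modulus")
    return pow(e, -1, (p - 1) * (q - 1))

def demo():
    """Return True if ciphertext 'stored now' decrypts after n is factored."""
    pub, d = keygen(999983, 1000003)    # constructed toy primes, ~40-bit modulus
    m = 123456789                       # plaintext as an integer smaller than n
    c = encrypt(m, pub)                 # what a passive tap would record today
    p, q = factor_trial(pub[0])         # feasible here only because n is tiny
    d_recovered = recover_private_key(pub, p, q)
    return d_recovered == d and decrypt(c, pub[0], d_recovered) == m
```

The defensive takeaway is the one the article draws: data encrypted under a key whose modulus can be factored later is not protected by the encryption alone, which is what makes “store now, decrypt later” collection worthwhile to an attacker.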

Network tapping devices are passive devices used to tap and extract valuable information from network traffic without raising any suspicion. Most of today’s security leaders either did not work in the era when network tapping devices were in use or have grown used to the idea that this is no longer a risk that needs to be addressed. Moreover, because of the strong shift to cloud services along with the work-from-home (WFH) trend, today’s enterprise network boundaries are no longer isolated, well defined, and protected. As a result, security leaders have practically lost the ability to conduct continuous security controls and implement compensating controls over their enterprise network. Instead, security leaders rely on the fundamental notion that the network is encrypted and hence secured. So, the revival of passive network tapping threats may be a more potent method of attack than ever before.

Quantum computing’s full implications are still unfolding, but considering the recent rise of cybercrime-as-a-service (CaaS [3]), the augmentation of CaaS with quantum computing may become a much more imminent challenge for cybersecurity leaders. Cybercriminals could rent access to the incredible computing power of quantum computers, which they could then use to break network encryption algorithms and offer that (as a service) to many more criminals across the globe. Some of the known, devastating, and successful attacks, such as the Sony Pictures attack (2014), the RSA SecurID breach (2011), the Anthem data breach (2015), and the Yahoo data breach (2013), were conducted via a brute-force attack cracking encryption keys or passwords. Implementing CaaS with the computing power of quantum computing will enable malicious actors to conduct a brute-force attack on the network encryption by using a passive network tapping device. Cybercriminals are already suspected of exfiltrating organizations’ data to “Store Now, Decrypt Later” (SNDL) [4].

While the full realization of this confluence may still be a few years off, it will have a devastating impact on the baseline security of businesses and individuals. Hence, it is essential for cybersecurity leaders to stay abreast of these developments, and it should prompt a rethink of the entire organization’s cybersecurity stack and defense layers.

Who would be the first to be impacted by this new threat? It is likely that the first targets would be large financial organizations, promptly followed by government agencies and government organizations, as financial organizations represent a clear, profitable ROI to cybercriminals.

There are two strategies that can be considered to mitigate the risks posed by quantum computing and CaaS. These include:

  1. Adopting quantum-resistant encryption: This is a type of encryption that is designed to be secure even against quantum computers. The new field of ‘post-quantum cryptography’ includes developing algorithms that are secure against quantum computers, but they are not yet as widely used as traditional encryption algorithms. [5] Already in 2016, NIST announced a competition for programmers to propose new post-quantum encryption algorithms. [6] However, since then, the results have been mixed. This approach is quite elaborate and costly and requires the use of nonstandard encryption and decryption devices. Also, in this technological race with many cyber threats, cybersecurity leaders would never know whether they were ahead of the game or lagging behind.
  2. Adding the tapping-protection security layer: This measure augments the organization’s security stack by going back to basic cybersecurity best practices: implementing security controls, monitoring, and proper protection against these looming threats. This is straightforward and easy to implement, and it ensures that no tapping device (even one as simple as a passive Throwing Star LAN tap, a PlunderBug, or an unmanaged switch or hub) can be connected to the network without being discovered and controlled. For example, Sepio’s platform offers an outstanding way to implement this additional defense layer by providing full visibility and control over any hardware assets in the enterprise network, including full coverage of the endpoint environment (which may be outside the enterprise’s security boundaries), all peripheral assets, and more [7].

To summarize, the rebirth of passive network tapping via quantum computing used by CaaS is not a mere possibility; it is a forthcoming reality we must prepare for. It is time to rethink our security strategies, to evolve alongside the technology, and to redefine the boundaries of what is deemed secure.

*Authentic content: This article was written by the author and his colleagues. No AI tools were used to create it.

May 29th, 2023