For the past few decades, every CISO and cybersecurity leader has known that encryption provides the fundamental defense layer for data and network traffic. The concept of network encryption, also known as ‘data encryption in transit,’ is regarded as an essential component of organizational security hygiene. The RSA, one of the most renowned cybersecurity conference series globally, derives its name from the RSA public-key encryption technology developed in 1982. The most popular network encryption, AES, has become a must-have standard for every type of organization. Indeed, as the bulk of the organization’s network traffic is now encrypted with either AES or RSA, the common attack vector of network tapping has vanished and no longer requires mitigation planning and compensating controls by security leaders.
Network Encryption and Quantum Computers
However, the ever-evolving landscape of technology could significantly alter the current approach of protecting the network with an encryption defense layer. The development of quantum computers that are powerful enough to break popular encryption technologies, along with the recent rise of cybercrime-as-a-service (CaaS) propelled by state-sponsored endorsements, may emerge as a major paradigm shift in how cybersecurity leaders view and use network encryption.
Due to their superior processing capabilities, quantum computers pose a serious threat to current encryption methods. This powerful computational paradigm, capable of processing data at unprecedented speeds, is projected to bring transformative advancements across multiple industries. In cybersecurity particularly, the impact could be profound, breathing new life into cyber-attack practices that leverage older, dormant passive network tapping.
RSA Encryption Algorithm
For example, the RSA encryption algorithm (currently considered highly secure) is based on the difficulty of factoring large numbers. A quantum computer could potentially break these encryption methods by using Shor’s algorithm, which can factor large numbers exponentially faster than a classical computer. By comparison, a classical computer would need longer than the age of the universe to achieve the same. Indeed, in December, a team of Chinese scientists published a paper [2] that claimed it had a quantum algorithm that could break RSA with a 372-qubit quantum computer (a few commercial organizations already have this computing power [1]) in a matter of hours. Considering the growth trajectory of quantum computing, it’s reasonable to anticipate that within a few years, a significant number of encryption protocols currently in use could become vulnerable to quantum-based attacks.
Passive Network Tapping Devices
Network tapping devices are passive devices used to tap and extract valuable information from network traffic without raising any suspicion. Most of today’s security leaders either didn’t live in the era when network tapping devices were used or have grown used to the idea that this is no longer a risk that needs to be addressed. Moreover, because of the strong shift to cloud services along with the work from home (WFH) trend, today’s enterprise network boundaries are no longer isolated, well-defined, and protected. As a result, security leaders have practically lost the ability to conduct continuous security controls and implement compensating controls over their enterprise network. Instead, security leaders rely on the fundamental notion that the network is encrypted and hence secured. So, the revival of passive network tapping threats may be a more potent method of attack than ever before.
Quantum Computing and Network Cybersecurity
Quantum computing’s full implications are still unfolding, but considering the recent rise of cybercrime-as-a-service (CaaS[3]), the augmentation of CaaS with quantum computing may become a much more imminent challenge for cybersecurity leaders. Cybercriminals could rent access to the incredible computing power of quantum computers, use it to break network encryption algorithms, and then offer that (as a service) to many more criminals across the globe. Some of the devastating and successful attacks, such as the Sony Pictures attack (2014), the RSA SecurID breach (2011), the Anthem data breach (2015), and the Yahoo data breach (2013), involved brute-force attacks to crack encryption keys or passwords.
Implementing CaaS with the computing power of quantum computing will enable malicious actors to conduct a brute-force attack on the network encryption by using a passive network tapping device. Cybercriminals are already suspected of exfiltrating organizations’ data to “Store Now Decrypt Later” (SNDL).[4]
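The link between the factoring problem described under “RSA Encryption Algorithm” and the “Store Now Decrypt Later” risk can be shown with a toy key. The following Python sketch is an added example, not part of the original article: the primes, the session key value and all function names are constructed for illustration, and classical trial division stands in for Shor’s algorithm, which is only feasible here because the modulus is tiny.

```python
# Added illustration (constructed values, toy key size): RSA traffic captured
# today becomes readable as soon as the public modulus n can be factored.
from math import gcd, isqrt

def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (no padding, demo only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), pow(e, -1, phi)  # public key (n, e), private exponent d

def encrypt(public_key, message):
    n, e = public_key
    return pow(message, e, n)

def decrypt(n, d, ciphertext):
    return pow(ciphertext, d, n)

def factor(n):
    """Trial division, a classical stand-in for Shor's algorithm.
    It finishes only because this n is 36 bits; a 2048-bit modulus is far
    beyond reach for any classical method."""
    for f in range(3, isqrt(n) + 1, 2):
        if n % f == 0:
            return f, n // f
    raise ValueError("no odd factor found")

def recover_private_exponent(public_key):
    """Anyone who can factor n can recompute d from the public key alone."""
    n, e = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

def store_now_decrypt_later():
    """Record a ciphertext first, break the key afterwards, then decrypt."""
    public_key, _ = make_keypair(2**17 - 1, 2**19 - 1)  # two Mersenne primes
    session_key = 0x5EC2E7                   # constructed secret, smaller than n
    recorded = encrypt(public_key, session_key)  # all a passive tap needs to keep
    d = recover_private_exponent(public_key)     # done later, from public data
    return decrypt(public_key[0], d, recorded) == session_key

if __name__ == "__main__":
    print("recorded ciphertext decrypted after factoring n:",
          store_now_decrypt_later())
```

The recorded ciphertext never changes between capture and decryption, which is why the length of time data must stay confidential, not the date a quantum computer arrives, determines when migration has to start.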
While the full realization of this confluence may still be a few years off, it will, needless to say, have a devastating impact on the baseline security of businesses and individuals. Hence, it is essential for cybersecurity leaders to stay abreast of these developments. It should prompt a rethink of the entire organization’s cybersecurity stack and defense layers.
Who would experience the initial impact of this new threat? It is likely that the first targets would be the big financial organizations, promptly followed by government agencies and government organizations, as financial organizations represent a clearly profitable ROI to cybercriminals.
Strategies to Mitigate Quantum Computing Cybersecurity Risks
Two strategies can be considered to mitigate the risks posed by quantum computing and CaaS. These include:
Adopting Quantum-resistant Encryption
This encryption type is designed to remain secure even against quantum computers. The new field of ‘post-quantum cryptography’ includes developing algorithms that are secure against quantum computers, but they are not yet as widely used as traditional encryption algorithms.[5] Already in 2016, NIST announced a competition for programmers to propose new post-quantum encryption algorithms.[6] However, since then, the results have been mixed. This approach is quite elaborate, costly, and requires the use of nonstandard encryption and decryption devices. Also, in this technological race with many cyber threats, cybersecurity leaders would never know if they were ahead of the game or lagging behind.
Adding the Tapping Protection Security Layer
This measure includes augmentation of the organization’s security stack by going back to basic cybersecurity best practices: implementing security controls, monitoring, and proper protection against these looming threats. This is straightforward, easy to implement, and ensures that no tapping device (even as simple as a passive Throwing Star LAN, PlunderBug or an unmanaged switch hub) can be connected to the network without being discovered and controlled. For example, Sepio’s platform offers an outstanding way to implement this additional defense layer, providing full visibility and control over any hardware assets in the enterprise network, including full coverage of the endpoint’s environment (which may be outside of the enterprise’s security boundaries), all the peripheral assets, and more[7].
To summarize: the rebirth of passive network tapping via quantum computing used by CaaS is not a mere possibility. It’s a forthcoming reality we must prepare for. It is time to rethink our security strategies, to evolve alongside technology, and to redefine the boundaries of what we consider secure.
*Authentic content: The author and his colleagues wrote this article without using any AI tools.
[1] https://www.eetimes.eu/current-status-and-next-in-quantum-computing/
[2] https://techblog.comsoc.org/2023/01/10/can-quantum-technologies-crack-rsa-encryption-as-china-researchers-claim/
[3] https://cybernews.com/security/crimeware-as-a-service-model-is-sweeping-over-the-cybercrime-world/
[4] https://cyberscoop.com/quantum-computing-threat/
[5] https://en.wikipedia.org/wiki/Post-quantum_cryptography
[6] https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms
[7] https://sepiocyber.com/blog/macsec/