Most information technology professionals would agree that encryption is required to protect one’s valuable network data, but can it also be used by adversaries to create network security problems?
While encrypting data is still the norm to protect businesses and their assets, encryption is coming under fire. Increasingly, hackers are using this very tool, designed to protect data, as a means of stealing information and holding it hostage.
The emphasis on encryption has meant an increased focus on the importance of metadata. As 5G networks and the Internet of Things (IoT) proliferate, metadata is likely to become a critical means for law enforcement to track and apprehend those responsible for ransomware attacks and other crimes.
The Growth of Encryption and Its Effect on Network Security
Encryption has become a popular way to protect data in transit and at rest. It scrambles data, making it unreadable unless the reader has a decryption key that decodes the text.
Cybersecurity encryption plays an essential role in the transmission of information and its storage, whether on onsite servers or in cloud-based systems. In many cases, such as for personal health information or financial data, it’s a requirement imposed by government agencies or regulators.
Yet the powerful mix of algorithms that scramble and then unscramble data is becoming a weapon.
Ransomware, in which hackers lock up data or systems, is rapidly becoming one of the most common areas of cyberattack. A ransomware attack is effective because the data is accessed and then encrypted by the hacker, effectively making the data inaccessible for the host organization. Hackers demand large payments, often in the form of cryptocurrency, or threaten to release personal and proprietary information if demands are not met.
A recent report by Palo Alto Networks notes the average ransomware payment demand was $5.3 million in the first half of 2021. That’s a 518 percent increase over the same period a year earlier.
Use of encryption in cybercrime activities is popular with hackers because it leaves their victims helpless. The loss of access to valuable data can be expensive not just financially but reputationally.
Leveraging Metadata to Identify Anomalous Network Activity
Modern telecom companies need practical lawful intercept solutions to deal with the multiple ways that malefactors misuse others’ data. With so much data encrypted today, law enforcement agencies face major challenges.
Encryption prevents access to the key content in an email message, file or phone conversation. However, even though human-to-human content may be encrypted, machine-to-machine information still contains metadata that can be very useful.
Privacy by design was a fundamental design element of 5G networks, with end-to-end encryption the expected norm. With the growth of 5G networks in coming years, network communications are likely to approach 100 percent encryption.
While that’s good for privacy concerns, it’s a problem for law enforcement. However, metadata can help provide valuable network intelligence.
Metadata, interconnected from multiple sources, can begin to provide agencies with key information about subjects of interest. Metadata can provide investigators with information about who is sending each message, what application is being used and their geographical locations. The location information is more granular with 5G base stations than with 4G networks due to 5G base station service area radii.
With the increasing prevalence of IoT objects, there are even more metadata sources available to law enforcement. While text messages and emails may not be available, metadata can be extracted from surveillance cameras, smart cars and other IoT objects.
By studying this metadata, investigators may learn of other parties or locations of interest. The fusing of this data from disparate elements can help provide better profiles of subjects of interest.
Some Guidelines for Optimizing a Metadata Strategy
What can law enforcement agencies do to optimize their approach to metadata? Here are three tips:
- Define Goals. Agencies need to define how metadata will be collected and used, especially as the volume of available metadata grows.
- Build a Schema. Agencies need to automate the tagging and categorization of unstructured data for future reference. Doing so allows for better queries of that data when needed.
- Focus on Data Quality. Normalizing and validating data is essential. Basic checks are necessary when data is received to ensure consistency and accuracy, allowing it to be properly indexed.
While encryption is being leveraged by criminals to increase cybercrime, there is still underlying metadata which can provide a powerful tool for network security teams. Combating the threat of ransomware and other cyberattacks will require complex solutions that leverage the power of available metadata. At NetQuest, we help service providers, enterprises and government agencies with scalable network visibility solutions for cyber intelligence and network security.