SSH Key Hacking: Why Traditional Antivirus is Not Enough

Keys - Blog

Nowadays, there is not a single computer that can be found without some sort of anti-malware software installed. In a business, it seems like common sense and common practice to ensure that every piece of equipment is looked-after by an IT team.

So, if malware protection is so common in household and office devices, why is it that businesses continue to be victims of cyber attacks? The answer is simple: device mismanagement.

Many businesses rely on using some sort of antivirus protection on their devices, thinking this is enough to protect them from a potential cyber security threat. However, in reality antivirus software doesn’t really mitigate the probability of a cyber crime. Businesses use techniques such as antivirus software or techniques as old as from 20 years ago in which devices end up being poorly protected and exposed to serious threats.

Currently, data navigation relies on cloud storage, micro-services, radio frequency communication and APIs, which require authentication that only a machine can provide. When a cyber criminal can break this link, it’s game on.

Cyber-criminals use their opportunity of breaching a business’ platform to steal employee personal information, sensible data of business operations, erase and keep data to be used as ransom, engage in espionage to acquire information, acquire clientele and customer’s details, steal bank account information and get access to security keys, passwords and administrative accounts to manipulate and disable devices. Once a criminal has access to any of this information, the sky’s the limit to what they can do with this data.

And although digital security steps make continuous progress to prevent these security breaches from happening and communication is protected by intricate SSL/TLS encryption, the keys to that encryption are protected as they should be. This is where cyber criminals look so that they can gain access to a business’ network.

“While investigating the attack surface against machine identities, especially SSH, I noticed that throughout 2019 there was a big increase in the exploitation of SSH keys. Threat actors started adding SSH capabilities to existing commodity malware.” -Yana Blachman, threat intelligence expert at Venafi for SecurityWeek

SSH keys are vulnerable because they provide access to servers and databases within a company. Because of this, a criminal doesn’t even necessarily have to take information from a business, they can simply steal the SSH key and sell it as a back-doored system, just like stolen passwords and RDP keys can be found in this market.

As malware is designed to target credentials and look for hostname and username data for lateral movement, the acquisition of this information can cause irreparable damage to a business of any size. 

The best reason why SMBs need to invest into the right cybersecurity strategy with a company they can trust is because when it comes to the world of cyber criminals – knowledge is money. One can never be too prepared or too educated on the subject of cybersecurity, as it is an ever-evolving subject that changes as criminals change their habits and techniques to steal that which is invaluable to you, but profitable for them. 

Ready to protect your business?

Talk with us today.
We help simplify cybersecurity for small business.
We'll save you time, money and stress in getting your business and data protected. All our advice is plain english and jargon free. We promise no cyber-tech speak. Contact us today.

Call us today on 1300 646 527

Website Contact Form
Scroll to Top