NEW

3 Cybersecurity Predictions for 2025

Arrow pointing right
ExtraHop Logo
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right

Strategic Decryption

Detect and Stop the New Breed of Encrypted Attacks

The new class of attack techniques take advantage of recently released exploits. Encryption can be used to mask the exploitation of 60% of the most frequently targeted network vulnerabilities. Can you see them coming?

Ransomware Attacks

delivered through encrypted channels


Attackers Can Hide

in encrypted traffic on your critical infrastructure


High-Risk Vulnerabilities

that are leveraging encrypted pathways


How Attackers Use Encryption to Live Off the Land

Advanced attackers use encryption to decrease the likelihood of being caught and reduce the effectiveness of forensic investigation. As the use of encrypted protocols for network traffic inside the enterprise increases, attackers are finding that the stealthy channels they need are ready-made for them inside their target networks.

A new breed of attack technique is rapidly developing to take advantage of these preexisting encrypted channels.

Attackers use these techniques in many ways, including:

  • Privilege escalation and persistence through Kerberos ticket attacks

  • Using commonly encrypted protocols to rapidly and broadly distribute ransomware or other malicious files without detection

  • Data exfiltration from databases, storage clusters, or cloud storage across encrypted protocols

How the City of Dallas Leverages RevealX for Unmatched Network Visibility

PrintNightmare and Ransomware

The PrintNightmare vulnerability offers attackers an encrypted channel for lateral movement and distribution of ransomware. The vulnerability affects every version of Windows.


ProxyLogon

The Microsoft Exchange vulnerabilities known collectively as ProxyLogon enable remote code execution across an encrypted channel. The potential impact is enormous due to the ubiquity of Microsoft Exchange.


Microsoft Protocol Attacks

Microsoft authentication protocols such as Kerberos, as well as application protocols such as SMBV3, are commonly abused by attackers to maintain stealth while using encrypted living-off-the-land techniques.


When our organization was hit by DarkSide ransomware, ExtraHop Reveal(x) alerted us to activity at the very outset of the attack. We were able to use that information to act quickly to stop further exfiltration and encryption.

LARGE NORTH AMERICAN RETAILER

carousel image