Ransomware attacks, like the Kaseya attack this past weekend, leverage obfuscation of malicious files and data to carry out the attack. They also leverage encryption to ensure success in their attack.
But what does this mean? Many people don't realize the subtle difference that exists between obfuscation and encryption. In this article were going to explore that difference!
Let me first define Obfuscation and Encryption so we can level set and make sure were all on the same page.
Let’s take a moment and think about this. These seem very similar, but if you compare the action of the first to the second you see the difference immediately. Successful obfuscation makes something obscure; it does not make it impossible to see. Successful encryption on the other hand makes something impossible to see without a key.
Confusion
But wait! This sounds a little like something else I have read before, called hashing and encoding.
Hashing, encoding, encryption and obfuscation are tools to achieve different outcomes, I’ll explain those quickly below:
- Hashing: This is meant to provide verification of the integrity of something (a file for instance).
- Encoding: This is changing the format of something into a different format.
- Encryption: This is a method for controlling access to data.
- Obfuscation: This is a method for making something harder to see or understand
Let’s walk through the practical side of each of these terms, once we are done here, I know you will have a complete understanding of the topic!
First, hashing is most often used to verify a file has not been changed from its original state.
Problem: How do I know that this configuration file is exactly how I left it last month?
Solution: Because you generated a hash of this config file last month, you can now generate a new hash and compare the hashes to verify the integrity of the file.
For our practical demonstration, think of encoding a lot like you would think of translating this blog post from English to Spanish. The practical application of encoding is very similar!
Problem: You created a video (file) on your phone, but the video playback app on your computer doesn't support that file format.
Solution: You encode the file into a format that is understood by the application.
*Encoding is the most common method to OBFUESCATE data/files.
Encryption is ubiquitous at this point. It’s used behind the scenes, to keep our communication confidential and to only allow those who are authorized to access our communications.
Problem: You need to send your username and password for your bank across the internet, but don't want to do so without ensuring only you or the bank have access to that data.
Solution: Your browser (or mobile app) establishes an encrypted connection to the bank's server, and inside of the encrypted connection all the data transmitted is encrypted to protect it from unauthorized access.
Obfuscation is probably the term that produces the most "what.....does it do again?" types of responses from people.
Think of obfuscation as camouflage for data. You’re obscuring the data, but not limiting access (like encryption). Why would someone want to obfuscate data? Let’s explore that with the problem below.
Problem: I am a hacker; I want to attack an organization, but I know they have deployed AV on their endpoints so if I re-use the same malware that I used a month ago the AV will probably catch it.
Solution: Because I am crafty, I encode the malware to obfuscate (camouflage) the contents of the malicious file from the AV and avoid detection.
