Starbucks Coffee Lovers Box Phishing Scam Alert

Starbucks is making headlines due to a phishing scam targeting its customers with a promise of a free “Coffee Lovers Box.” However, this offer is entirely fraudulent. According to an update from Action Fraud, this ongoing scam has already victimized over 900 individuals, and that number continues to rise.

The true intent of the scam is to extract sensitive information from victims, potentially leading them into financial difficulties. The emails sent to unsuspecting users contain malicious links that redirect them to counterfeit websites.

It is clear that this scam is unrelated to the Starbucks brand. Scammers often exploit the names of well-known companies in their emails to attract online users, tricking them into scams that can lead to significant financial losses.

Online users are urged to remain vigilant regarding the Starbucks Coffee Lovers Box phishing scam and to promptly report any incidents of being targeted. Timely reporting can assist law enforcement in recovering lost funds more efficiently.

China’s Quantum Computing Threat to Encryption

In the coming years, Chinese hackers are expected to breach cryptographic systems using advanced quantum computing techniques. Researchers at Shanghai University are reportedly developing methods to exploit quantum computers to compromise encryption systems, posing a significant threat to cybersecurity.

The team is utilizing D-Wave quantum annealing systems to attack RSA encryption methods, which could undermine the future of symmetric encryption. Their research paper, titled “Quantum Annealing Public Key Cryptographic Attack Algorithm based on D-Wave,” is still in the early stages and requires further research and analysis to tackle complex optimization challenges.

In response to potential threats from quantum computing, the NSA launched a program in 2015 aimed at developing quantum-resistant cryptography. This initiative, known as the “Post-Quantum Cryptography Standardization Process,” was intended to conclude by 2016.

Since then, three Federal Information Processing Standards (FIPS) concerning quantum-resistant cryptography have been introduced, with additional developments expected to adapt to the evolving landscape of cyber threats.

The post Beware of Starbucks Phishing Scam and China using Quantum tech to break encryption appeared first on Cybersecurity Insiders.

The anticipated advent of quantum computing will have a devastating impact on existing modes of asymmetric data encryption. It’s likely that within the next few years, quantum-capable entities will gain the ability to decrypt virtually every secret possessed by individuals, governments and private industry where asymmetric encryption algorithms such as RSA, Finite Field Diffie-Hellman, and Elliptic Curve Diffie-Hellman have been used for protection.

The looming failure of today’s encryption is an alarming prospect, and yet the government and various standards bodies need the greater sense of urgency that an existential event like this demands. With the steal-now-decrypt-later (SNDL) threat from quantum, there is a compelling need for solutions that can be deployed today. If history is any indicator, the critical problem we currently face is that the cycle time for migrating to new post-quantum resistant encryption algorithms and related standards will be too long to mitigate the danger posed by the oncoming quantum threat.

Quantum computers, which are expected to become viable in the next few years, use subatomic particles and quantum mechanics to perform calculations faster than today’s fastest conventional supercomputers. With this computing power comes the ability to crack encryption methods that are based on the difficulty of factoring the products of large prime numbers. An algorithm introduced by Peter Shor back in 1994 provides a method for factoring these large numbers in polynomial time instead of exponential time with the use of a quantum computer. What this means to us is that while a conventional computer might take trillions of years to break a 2,048-bit asymmetric encryption key, a quantum computer powered by 4,099 quantum bits, or “qubits,” using Shor’s algorithm would need approximately 10 seconds to accomplish the task. We don’t have a decade for 30 revisions on the standard to get this right, as we have seen from previous standardization efforts.

It may be comforting to think that because quantum computers of a cryptologically significant scale don’t exist yet, there is nothing to worry about today. However, this idea is a mistake for two reasons. First, quantum computing is advancing at a faster pace than anyone previously contemplated. Second, malicious actors can steal encrypted data today and decrypt it with a quantum computer when quantum computers become available. This is the SNDL threat highlighted above. Banks use quantum-vulnerable public key exchange to validate your account access, as do health providers transmitting digital health records, as well as the IRS when e-filing your taxes. Even VPNs and the core infrastructure (routers and network switches) implement quantum-vulnerable key exchanges when using the IPsec and MACsec protocols. Once quantum computing comes online, a bad actor can discover the private keys associated with these public keys, and the contents of wallets, records and accounts will become available to the attacker.

Users need a simple control plane that enables them to select any crypto library they desire to defend against these evolving quantum threats. Additionally, many nations are developing post-quantum resistant algorithms and may not want to wait on NIST to standardize an algorithm or certify an implementation. They need a solution that gives them the agility to employ the post-quantum cryptographic algorithms of their choice: in effect, a bring your own algorithms (BYOA) approach.

Agility allows us to future-proof systems against both novel cryptanalysis and implementation errors.  It shortens the time between the demonstration of a vulnerability in an algorithm, implementation, or protocol, and the patching or upgrading of all applications and services affected by the vulnerability. Agility enables the transition to more efficient algorithms or implementations. Quickly eliminating vulnerable algorithm implementations calls for the capability to access different implementation libraries for the same algorithm and enable “fall back” and switching to other algorithms. For example, a software library may implement an algorithm in a way which is vulnerable to attack. KyberSlash1 and KyberSlash2 impacted the implementation of the Kyber algorithm in all but six of 22 popular crypto libraries. It took more than 90 days to patch the vulnerable implementations on most of the affected libraries. A crypto-agile solution should enable an organization to move easily and rapidly between implementations – otherwise the entire security posture and data of the enterprise is compromised.
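
The implementation fallback and algorithm switching described above, as an added example (not code from the article or from any product it mentions). Python's standard library has no post-quantum algorithm, so keyed MACs stand in for the algorithms being swapped; the registry, provider names and envelope fields are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def _hmac_lib(digest):
    # Implementation "stdlib": delegates to Python's hmac module.
    return lambda key, msg: hmac.new(key, msg, digest).digest()


def _hmac_sha256_rfc2104(key, msg):
    # Implementation "rfc2104": independent HMAC-SHA256 built from the hash alone.
    if len(key) > 64:
        key = hashlib.sha256(key).digest()
    key = key.ljust(64, b"\x00")
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in key) + inner).digest()


def _blake2b(key, msg):
    return hashlib.blake2b(msg, key=key, digest_size=32).digest()


# (algorithm, implementation) -> callable(key, msg) -> tag. Names are hypothetical.
REGISTRY = {
    ("HMAC-SHA256", "stdlib"): _hmac_lib("sha256"),
    ("HMAC-SHA256", "rfc2104"): _hmac_sha256_rfc2104,
    ("BLAKE2b-256", "stdlib"): _blake2b,
}


@dataclass
class Policy:
    preference: list                                  # algorithms, most preferred first
    revoked_impls: set = field(default_factory=set)   # {(alg, impl)} with known bugs
    retired_algs: set = field(default_factory=set)    # algorithms no longer trusted

    def providers(self, alg):
        """Usable implementations of one algorithm, in registry order."""
        if alg not in self.preference or alg in self.retired_algs:
            return []
        return [(a, i) for (a, i) in REGISTRY
                if a == alg and (a, i) not in self.revoked_impls]

    def select(self):
        """Provider for new data: best allowed algorithm with a live implementation."""
        for alg in self.preference:
            live = self.providers(alg)
            if live:
                return live[0]
        raise RuntimeError("no usable algorithm left in policy")


def protect(policy, key, msg):
    alg, impl = policy.select()
    tag = REGISTRY[(alg, impl)](key, msg)
    # Self-describing envelope: records what was used so data can be migrated later.
    return {"v": 1, "alg": alg, "impl": impl, "tag": tag.hex()}


def verify(policy, key, msg, env):
    # The header is attacker-controlled: only algorithms the policy still allows
    # are honoured, and any live implementation of that algorithm checks the tag.
    live = policy.providers(env.get("alg"))
    if not live:
        return False
    try:
        tag = bytes.fromhex(env.get("tag", ""))
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(REGISTRY[live[0]](key, msg), tag)


def needs_migration(policy, env):
    """True when the envelope was not produced by the currently selected provider."""
    return (env.get("alg"), env.get("impl")) != policy.select()


if __name__ == "__main__":
    key, msg = b"k" * 32, b"constructed sample record"
    policy = Policy(preference=["HMAC-SHA256", "BLAKE2b-256"])
    env = protect(policy, key, msg)
    print("initial provider:", policy.select())

    # An implementation flaw is announced: fall back to another implementation.
    policy.revoked_impls.add(("HMAC-SHA256", "stdlib"))
    print("after impl revoked:", policy.select(), "old data valid:",
          verify(policy, key, msg, env), "migrate:", needs_migration(policy, env))

    # The algorithm itself is withdrawn: switch algorithms, stop trusting old tags.
    policy.retired_algs.add("HMAC-SHA256")
    print("after alg retired:", policy.select(), "old data valid:",
          verify(policy, key, msg, env))
```

Both changes are policy edits only; callers of `protect` and `verify` are not modified, which is the property that shortens the patch window.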

New quantum secure encryption methods with crypto-agility functionality have been developed and can be deployed immediately. The challenge is to make them work with existing encryption algorithms and protocols while enabling crypto-agility to stay ahead of the pacing threat without having to rip-and-replace the existing infrastructure. After all, it is impossible for every system to upgrade its encryption algorithms all at once.

The post A Bring Your Own Algorithms (BYOA) Approach to Crypto-Agility Addressing Quantum Threats appeared first on Cybersecurity Insiders.

In today’s digital age, safeguarding our systems and data is a monumental challenge. We have crafted intricate algorithms to encrypt and shield data through asymmetric cryptography frameworks, a strategy that’s served us well. Yet, the emergence of quantum computing looms as a potential game-changer in data security.

The quantum computing market boom has sparked concerns about the vulnerability of our current public-key cryptography algorithms, putting sensitive data integrity at risk. This urgency demands the advancement of cryptographic protocols to proactively counter these risks and uphold robust data protection standards in this quantum era. 

Due to quantum computing’s expanding influence, advanced cryptographic algorithms will be essential to maintaining data integrity. Additionally, the concern over quantum-resistant data security is heightened by the potential obsolescence of our current encryption methods, which could quickly become ineffective. With quantum computing’s rapid processing power, the window for breaching public-key encryption could shrink significantly, posing substantial risks across multiple sectors. As we adapt to this changing landscape, prioritizing proactive measures in data security becomes increasingly crucial.

Quantum Threats to Data Security

The concern over quantum-resistant data security stems from the realization that current data protection methods rely on algorithms that would take several years to crack with traditional computing. However, the advancement of quantum computing could significantly reduce this timeframe, potentially rendering existing public-key encryption algorithms ineffective. Ineffective algorithms could inadvertently open doors for nation-state entities with quantum capabilities to breach data security. These groups, who have already demonstrated expertise in exploiting these vulnerabilities, pose potential threats to critical infrastructure such as government, healthcare and education.

Recognizing this impending threat, some emphasize preparing for quantum computing’s impact by promoting privacy-enhancing technologies. This is crucial as some public-key cryptography algorithms may not withstand the processing power of quantum computing and could be vulnerable to brute-force attacks. 

While quantum computing is often viewed as a potential risk to data security, it also presents an opportunity. Quantum cybersecurity could offer a more robust and effective means of safeguarding critical data. IBM suggests that quantum cybersecurity provides a strong means to protect critical data by effectively leveraging technologies like quantum machine learning to detect and deflect cyber threats.

Preparing for the Quantum Future

In navigating the quantum revolution, companies, now required by PCI DSS 4 12.3.3, must continually assess their cybersecurity infrastructure for vulnerabilities posed by quantum computing. While some traditional security methods may become obsolete, alternatives like tokenization provide adequate defenses against quantum threats by substituting real values with randomized tokens, ensuring data security that cannot be decrypted through mathematical solutions.

Quantum computing will remain an evolving field, and while experts strive to comprehend its nature and potential, it may take years to fully understand its capabilities and develop the protocols necessary for safeguarding sensitive data. It’s important to note that long-lasting encryption methods may become challenging to maintain or even test against. Therefore, security teams should aim to regularly assess and switch out encryption methods to fortify protection against the evolving quantum threat landscape.

Taking Action: Addressing Future Data Privacy Risks Today

Although there remains much uncertainty surrounding the potential impact of quantum computing, one undeniable fact is that there are other options than waiting for its commercial availability before fortifying security measures against its formidable computing power. Therefore, it is imperative to prioritize investment in data security today to effectively shield against emerging threats, including those posed by quantum computing.

Companies must reconsider their approaches to data protection to address future privacy risks proactively. Despite strides made in quantum computing and data science, such as the emergence of post-quantum encryption, which is already in the approval stages, there are still clear advantages to implementing robust security measures against looming threat actors and the specter of quantum computing.

Organizations must remain vigilant in establishing a comprehensive, in-depth, multilayered approach to future-proofing security, recognizing its critical importance amidst the evolving quantum technologies. Being proactive and adaptable is essential to staying ahead of emerging technologies and ensuring readiness for the next stage of advancements.

The post The Quantum Security Challenge: Data Resilience Around the Unknown appeared first on Cybersecurity Insiders.

[By Jerry Derrick, Camelot Secure]

Today, encryption is a cornerstone of our cybersecurity practices. It protects everything from cell phones and SMS messages to financial transactions and intellectual property.

However, a new challenge in the complex landscape of encryption has recently emerged, thanks to the advancement of quantum computing. As a provider of award-winning cybersecurity solutions, Camelot has this new quantum computing challenge to encryption squarely in our sights. What challenges lie ahead? Here is the breakdown:

Quantum Computing (QC), invented in the 1970s by David Deutsch, has made significant steps forward in the following decades and has become a viable technology capable of solving complex computational problems. Based on the laws of quantum mechanics, QC is not bound to the restrictions of classical computers, where everything resolves to a 1 or 0. Instead, QC uses “multidimensional computational spaces” to answer nearly impossible questions. It sounds like sci-fi, but it applies to our current computing environment. 

Quantum Computing presents a unique challenge to all cybersecurity efforts because it has the potential to break some of the commonly used encryption standards used today.

Organizations use symmetric or asymmetric keys to encrypt their data at rest or in motion. Symmetric cryptography, like the Advanced Encryption Standard (AES), utilizes a single key to encrypt and decrypt data. In contrast, asymmetric cryptography (RSA) uses a public and private key to encrypt and decrypt data. The two types of cryptography differ in the security they provide based on their bit count (AES typically uses 128 or 256 bits, and RSA keys typically use 1024-2048 bits) and the password strength the key creator uses.

Due to QC’s threat to circumvent almost any encryption, in 2022, NIST introduced several new encryption key algorithms to address the inherent risks posed by QC. Because of the increased complexity of the algorithms used to generate the keys, they are considered QC-resistant (QCR). The new encryption keys mitigate the potential impact of Grover’s Algorithm, which can break AES-128 encryption in seconds today, and Shor’s Algorithm, which will eventually be able to break RSA encryption as QC technology advances.

In short, suitable algorithms and encryption standards could protect us from the future of QC hackers. But deploying them is a different matter.

Today’s lack of widespread QC availability makes QCR encryption a non-existent priority for most organizations because no perceived threat would require immediate action. Many companies’ IT and cybersecurity teams are already pushed to the maximum and tend to focus their efforts (and budgets) on decreasing current attack surfaces and clearing out the never-ending stream of alarms. 

But that’s no reason to delay action. Complacency yields breaches, especially in cybersecurity. If encryption is not updated to match tomorrow’s threats, what’s to stop malicious actors from decrypting all of the non-QCR data in the future? IBM estimates a 1-in-7 chance that current encryption keys will be breakable by QC as early as 2026, and that chance skyrockets to 1-in-2 in 2031. If today’s data encryption isn’t made QCR shortly, companies could see their information harvested or held ransom, damaging an organization’s reputation and ability to operate.

The best time to upgrade your encryption is before hackers can break it with these new tools—an ounce of prevention is worth a pound of cure, as the saying goes. Part of this prevention is identifying where all essential data resides, how users or systems access it, and the encryption used to protect it. For organizations anticipating the addition of new data sources or applications to their enterprise, part of the planning and encryption selection criteria should include support for QCR encryption. In addition, companies that develop enterprise applications in-house should also update their DevSecOps pipeline to include the integration of QCR encryption to prevent potential issues and rework in the future.

Jerry Derrick is Vice President of Engineering at Camelot Secure. He leads the company’s engineering division and is responsible for the design, development, and sustainment of the Camelot Secure360 platform. Jerry’s responsibilities also include the management of the product roadmap, research and development activities, and ensuring the overall security of the platform and customer data. A cybersecurity engineering veteran of over 20 years, Jerry understands and focuses on the importance of fusing people, processes, and technology to ensure Camelot Secure360 enables organizations to know their environments are secure against the latest threats. Before joining Camelot Secure, he worked at top military and government cybersecurity organizations to develop and deploy tools and capabilities to facilitate the more efficient and effective analysis of cybersecurity data. Jerry graduated from the United States Military Academy with a BS in Computer Science and will graduate with a Master of Liberal Arts, Extension Studies (Information Management Systems), from Harvard University in the Fall of 2023.

 

The post Will Quantum Computing Change the Way We Use Encryption? appeared first on Cybersecurity Insiders.

[John Spiegel, Director of Strategy, Field CTO, Axis Security]

Exploring the SASE and SSE landscape is a daunting task.  With over 30 vendors in the space, each with a point of view, it is easy to get lost in both the technical and marketing aspects of the frameworks.  But SASE and SSE are critical to bringing convergence to network and security, enabling your application delivery system with both speed and security and reducing your organization’s operational and vendor management burden. 

 

While I will not dive deep into how to select your vendor and platform, there are two areas I recommend exploring, arguably two of the most hyped emerging technology categories. Yes, you guessed it, AI and Quantum.  

 

Why should you even think about the twin Taylor Swifts of our decade when bringing harmony between the cats and dogs of networking and security? As Ferris Bueller, a well-known philosopher of the 80s, is known for saying, “Life moves fast. If you don’t stop and look around once in a while, you could miss it.”

Technology moves at a breakneck speed. Before you know it, these technologies will be areas you need to account for in your technology portfolios.  As it is still early days for both AI and Quantum, how should you think about them today, and where does this conversation happen? The answer is roadmaps.  Each vendor has a roadmap, and it’s important to understand how a vendor’s product offering aligns with your requirements.  This is not a day-one conversation but a discussion area you must address as you begin to down-select the vendors you are considering.  

 

As you engage vendors, each will discuss current features and capabilities as well as make promises about what’s coming soon. In this article, I will help you understand why AI and Quantum must be included in these discussions. 

 

Roadmap Item 1 – AI

 

Every time you open your (insert social media app) or talk with your peers at a conference, the lack of talent in cybersecurity will inevitably come up.  Per ISC2, the gap in 2024 is 4 million workers, and it is not improving. This is exacerbated by the mantra from leadership that you must “do more with less” and lean budget allocations set for this year. Add it all up, and the choices are challenging for those on the frontlines.  

 

Enter AI. While ChatGPT is hogging all the headlines, AI will remake how we approach security and networking. But let me be clear: AI is not our cyber messiah, but it will assist us on the operational side of cyber security and will be our aide or guide in optimizing your technology solutions. For example, in the SSE space, your AI guide will assist you by providing recommendations for your security policies. Since it can “see” the bigger picture and understands best practices, an operations resource will interact with the AI guide to learn about policy violations and be briefed on possible areas of improvement. Perhaps there is a policy statement that is no longer being used, or worse, Jim, who was in sales, just moved to marketing. Should Jim’s privileges for sales be rationalized? Is there a business impact, such as lower operating costs and greater security outcomes?

What are the questions to ask regarding roadmaps for SASE and SSE vendors? For AI to work effectively, it must have access to massive data pools. The performance will never be met without data, the raw oil powering the AI engine. The question to ask your vendor is how they collect the data, what the data is (hopefully both network and security), and whether or not there is a single data lake. The single data lake is key. If the vendor’s solution is a series of separate, lightly integrated solutions, it’s time to be concerned. That’s because it will be hard to train their AI engine and, as a result, hard to lower your operational costs. I recommend seeking better outcomes with vendors who built on a modern architecture based on cloud-forward principles. Providing AI assistants and normalizing the data needed for success will be much easier. Make sure to dive deep into this topic, and do not accept soft answers!

Roadmap Item 2 – Quantum

 

The second area is quantum encryption.  Right now, all the key vendors in the space are built on TLS, IPSec, and GRE (yes, they exist), as well as newer protocols like WireGuard.  Experts in the field say by 2030, all of them will be at risk.  Nation-state actors will lead the way, but given Moore’s Law, the cost and power of computing will continue its march forward, putting this futuristic capability in the hands of garden-variety blackhats. That means it will become very easy to break modern protocols.  

 

Why is this a critical roadmap question to ask? Both SASE and SSE are generally consumed on 3- to 5-year terms. The time to value for a full SASE or SSE deployment can also take 12-36 months. Why? You are consolidating what were previously point products from different vendors. Thus, you need to consider the financial impact. Is the solution depreciated? When does support expire? Given the time horizon, 2030 will be here before you know it.

So, what do you need to ask? The more innovative vendors are already planning. They will have a strong message regarding quantum and should already have an MVP in process. It may not be in general availability for a year or two, which is OK. Remember, you are looking for the indication that quantum encryption is coming and a rough time frame. What you’re not looking for is a blank stare or a talk track where you’re told, “Don’t be concerned.” That’s when you should be concerned! It’s because the vendor either has not thought about it or, worse, the architecture they’ve based their solution on has become difficult to scale due to technical debt and operating costs. Asking the quantum question helps you understand the future and the present state of their technology. It’s not necessary to do a deep dive on the various quantum protocols. At this stage, you want to see how they respond. In addition, if this is an area you are passionate about, you may be able to influence their roadmap as it is still early days for quantum encryption.

Exploring the roadmaps of vendors you are down-selecting is an essential due diligence activity in procurement. You want to understand where the product is going, its vision for the future, where it is deficient, how you can influence its roadmap to solve your key business challenges, and, critically, how much of a partner it can be. Much can be uncovered and gained from these critical discussions. Always do a roadmap review before purchase, and make sure to ask about AI and quantum encryption!!!

The post Exploring SASE and SSE Roadmaps with the Two Taylor Swifts of the Decade – AI and Quantum appeared first on Cybersecurity Insiders.

[By Rebecca Krauthamer Chief Product Officer and Co-Founder of QuSecure; and Michelle Karlsberg, QuSecure Fellow]

Imagine a labyrinth, continuously twisting and turning, morphing its layout so just when you think you’ve identified a safe path, the landscape shifts. Navigating it would be a Herculean task. Welcome to the new world of cybersecurity – an ever-changing, intricate maze where new threats lurk around every corner. The biggest challenges of this digital labyrinth stem from the rise of intelligent technologies. Online hackers are our modern-day Hydra (Hydra was a many-headed monster in Greek mythology that was slain by Hercules, whose head when cut off was replaced by two others), and cutting-edge cyberattacks are their weapon of choice.

The wave that is cresting today is artificial intelligence, and right behind it is quantum computing. But these new technologies are not all evil. On the one hand, they lead to an age of unprecedented technological capabilities and advancements. On the other hand, they can be used to create brand-new threats, introducing vulnerabilities previously unimagined, leaving our current cybersecurity systems defenseless. As these threats continue to rise, one thing is clear: Our approach to cybersecurity must evolve. It’s time that we equip ourselves with advanced defenses to match these advanced threats. Organizations need to arm themselves with AI and quantum-resilient shields.

Artificial Intelligence and Advanced Threats

There is no limit to the new vulnerabilities that arise from AI and quantum computing. With each innovation and advancement, Pandora’s Box opens wider, unleashing a swarm of cryptographic threats.

One imminent threat is AI-based malware attacks. In a project to understand emerging cybersecurity threats, IBM Research developed DeepLocker in 2018. DeepLocker blends AI and traditional malware – foreseeing a dangerous threat on the horizon. According to IBM, “This AI-powered malware is particularly dangerous because, like nation-state malware, it could infect millions of systems without being detected. But, unlike nation-state malware, it is feasible in the civilian and commercial realms.” DeepLocker showed us the potential for a dangerous combination of AI and malware even back five years ago, highlighting the urgency for new, robust, and agile defenses.

Fast forward to 2023: generative AI has hit the scene, and naturally hackers are already using this new technology for attacks. Today, cybercriminals are using ChatGPT and other large language models to write phishing emails and code malware. Check Point Research has found that, “Cyber criminals are working their way around ChatGPT’s restrictions and there is an active chatter in the underground forums disclosing how to use OpenAI API to bypass ChatGPT’s barriers and limitations.”

As we speed into the age of artificial intelligence, it’s clear that our current cybersecurity methods will not keep up. It is critical to continuously develop our defenses and remain agile to combat these emerging threats.

The Shield of Cryptographic Agility

In our ever-evolving digital labyrinth, cryptographic agility – cryptoagility for short – is a crucial defense mechanism. It gives us the capability to rapidly modify the use of cryptographic algorithms and keys, a necessary action to stay ahead of future evolving cybersecurity threats.

An example of the need for cryptoagility can be drawn from the 2014 Heartbleed Bug attacks. The bug revealed a crucial weakness, allowing attackers to read the memory of thousands of systems and steal valuable information. The companies that managed to recover quickly were those that demonstrated cryptoagility, swiftly replacing their compromised cryptographic keys and algorithms with new secure ones. This incident serves as a clear example of the importance of cryptoagility in our ongoing battle against dynamic cybersecurity threats.

Although the Heartbleed Bug has been solved, there is always a new threat on the horizon. Today, quantum is that threat that can break through all our defenses. Before all is lost, we must adopt cryptoagility to defend ourselves, available in today’s leading post-quantum cryptography (PQC) solutions. Evidence of the impending threat of quantum computing is already here, especially with techniques such as Store Now, Decrypt Later (SNDL) already in play. SNDL is a method in which encrypted data is stolen and stored until hackers can decrypt it later with a quantum computer. This signifies a looming threat. Data encrypted by today’s standards, but stored for future decryption, will be at risk since quantum computers will eventually break today’s encryption methods. Hence, SNDL is a ticking time bomb and a stark reminder of the urgency to upgrade our encryption methods to be quantum-safe. The PQC approach addresses the need for cryptoagility. With vulnerabilities such as SNDL presenting a clear and present danger, the time is now for a quantum-leap in our cryptography.

As we navigate the challenges of an emerging quantum ecosystem, using agile quantum-resilient PQC solutions is our best approach. Such agility is not just about defending against threats but also about the capability to adapt and evolve in the quantum landscape.

The Future of Cybersecurity: AI-Powered Cryptoagility

As cybersecurity threats evolve and become increasingly advanced, it’s critical to not just keep pace but stay one step ahead. Looking to the future of cybersecurity, it’s clear that the integration of artificial intelligence and cryptoagility will play a pivotal role in our defense. This combination brings a proactive and dynamic approach to combatting the rising threats posed by AI and the emerging threats of quantum computing.

One way to integrate AI and cryptoagility is through threat detection. This is done using machine learning models to identify patterns in threat behavior, thus enabling a faster and more accurate response to cyberattacks. Furthermore, these AI models can predict future attacks by extrapolating patterns from past data, allowing preemptive measures to be taken. Such a system learns from every attack it counters, continually improving its models and becoming more efficient at predicting, detecting, and countering threats. Then cryptographic keys and algorithms can be automatically updated and swapped out the moment a potential threat is predicted or detected.

AI and cryptoagility together are a continuously evolving defense mechanism that learns and grows stronger with each passing moment. The future of cryptoagility will look vastly different from today’s relatively manual processes. AI-powered cryptoagility could become a real-time, proactive and adaptive process, not a reactive one.

As we stand on the verge of the AI and quantum age, it’s clear that the digital labyrinth will only become more complex and unpredictable, with formidable digital threats akin to the many-headed Hydra or the cunning Minotaur of ancient Greek myths. We must use AI and cryptoagility to our advantage, leveraging them in the battle against cyber threats.

Today’s cybersecurity leaders are the vanguards tasked with safeguarding our most invaluable digital asset – data. By wholeheartedly adopting crypto-agile post-quantum cryptography (PQC) to defend against quantum computing cyberthreats, these leaders are not merely defending our data. They’re pioneering a resilient digital future, ushering in a cutting-edge era of cybersecurity capable of countering any threat and adeptly navigating the intricate corridors of the digital security labyrinth.

The post Navigating the Labyrinth of Digital Cyberthreats Using AI-Powered Cryptographic Agility appeared first on Cybersecurity Insiders.

Toshiba, the Japanese electronics giant, and Orange, a major telecom company, have unveiled breakthroughs in quantum secure data transmission. Their innovation shields information transmitted over fiber optic networks from cyber threats of all kinds.

The advancement relies on Quantum Key Distribution (QKD) technology, enabling secure data transmission at speeds of 400 Gigabits over a 100-mile fiber link. Quantum computing poses a growing threat to public key encryption, commonly used to secure data at rest or in motion. As this technology advances, traditional data networks become increasingly susceptible to attacks.

QKD, leveraging the principles of quantum mechanics, addresses this challenge by securing cryptographic keys, thereby mitigating risks. Integrating QKD into existing fiber networks enhances the security of conventional data transmission, safeguarding against today’s security challenges.

The technology is still in its early stages, and further experiments are required to assess the integration of Quantum Key Distribution into complex network frameworks. Presently, QKD technology is deployed to secure a metro-scale fiber link network spanning approximately 23 miles between Wall Street and New Jersey, crossing the Hudson River. This ensures the protection of high-powered data, such as transactions, algorithms, and video calls, with minimal errors, seamlessly integrating into existing network infrastructure.

In an era where digitalization is rapidly advancing, data has become the lifeblood of many companies. Securing information at rest and in motion not only guards against hackers’ interference and substitution but also ensures its integrity in an increasingly interconnected world.

The post Toshiba and Orange offer quantum secure data transmission with utmost security appeared first on Cybersecurity Insiders.

[By Adam Goldfeld – Technology Team Lead at Classiq]

Today’s media narrative around quantum computing’s role in cybersecurity is overwhelmingly negative, because quantum computers will render today’s encryption standards redundant, leaving much of our data at risk of being decoded. While this is a genuine concern, it’s one that can be, and is being, addressed. Instead, it is now time to move beyond this basic analysis of quantum computing and focus on the positive potential of this technology to improve our privacy, security, and safety.

Cause for concern

First, it’s important to understand how quantum computing will impact encryption. For decades, the RSA encryption algorithm has been the standard system used to securely transmit data. Classical computers can decrypt RSA, but it takes an astronomically long time.

In 1994, American mathematician Peter Shor developed a quantum algorithm that could break RSA encryption phenomenally faster. Current quantum computers aren’t powerful enough to run Shor’s algorithm, but the technology is developing at speed. Estimates vary, but a quantum computer capable of running the algorithm could be ready in 10 years’ time – if not sooner.

Given that time frame, most forms of encrypted data and communications, such as emails or plans for a near-term project, can still safely use RSA. But data today that will still be relevant in a decade or more – think financial records, medical records, or government data – are less secure. Criminal actors or hostile nations could harvest and download encrypted files now with the intention of decrypting them later once the technology is ready.

Financial institutions, large organizations, and governments are rightly concerned about the vulnerability of RSA, but many are already taking steps to address this issue by assessing and changing their encryption protocols. For example, the US administration last year ordered government agencies to audit their systems to identify which are using RSA and set a timeline for transitioning to quantum-resistant cryptography. Meanwhile, there has already been extensive work by researchers to develop quantum-safe encryption standards – some of which will be based on quantum technology. The US National Institute of Standards and Technology (NIST) has announced the first four Quantum-Resistant Cryptographic Algorithms and is planning to announce four additional algorithms in the future.

It’s important, therefore, to take a step back and realize that while quantum technology may undermine RSA-based security, quantum will also play a big role in creating new security standards that will improve how we communicate, make transactions, and go about our daily lives.

A new era of security

Quantum-based encryption is already in development. These protocols will allow people to communicate more securely, as it will be much harder for bad actors to collect or intercept data using these quantum communication protocols.

For instance, quantum key distribution will allow two communicating users to tell whether a third party has tried to eavesdrop or tamper with a transmission. This system of key distribution relies on a fundamental aspect of quantum mechanics: that trying to measure a quantum system will disturb that system. Someone trying to obtain a key in order to observe the data packet will introduce detectable anomalies, allowing the rightful owner or recipient to put a quick stop to the transmission if needed.
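The disturbance effect described above can be seen in a classical simulation. The following is an added example, not code from the article: it assumes the BB84 protocol (the article names no specific protocol), an intercept-and-resend eavesdropper, and an illustrative abort threshold of 11% error rate.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold for this example


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit;
    measuring in the other basis gives a uniformly random result."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_bb84(n_qubits, eavesdropper, seed):
    """Simulate transmission and sifting; return (alice_key, bob_key)."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_qubits):
        bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        flying_bit, flying_basis = bit, a_basis
        if eavesdropper:
            # The eavesdropper must guess a basis; a wrong guess re-prepares
            # the photon in the wrong basis and disturbs the state.
            e_basis = rng.randint(0, 1)
            flying_bit = measure(flying_bit, flying_basis, e_basis, rng)
            flying_basis = e_basis
        b_basis = rng.randint(0, 1)
        b_bit = measure(flying_bit, flying_basis, b_basis, rng)
        if a_basis == b_basis:  # sifting: keep only matching-basis rounds
            alice_key.append(bit)
            bob_key.append(b_bit)
    return alice_key, bob_key


def estimate_qber(alice_key, bob_key, sample_fraction, seed):
    """Publicly compare a random sample of the sifted key to estimate
    the quantum bit error rate (QBER)."""
    rng = random.Random(seed)
    k = max(1, int(len(alice_key) * sample_fraction))
    idx = rng.sample(range(len(alice_key)), k)
    errors = sum(alice_key[i] != bob_key[i] for i in idx)
    return errors / k


def session_verdict(n_qubits, eavesdropper, seed=1):
    """Return (qber, 'keep' or 'abort') for one simulated session."""
    a, b = run_bb84(n_qubits, eavesdropper, seed)
    qber = estimate_qber(a, b, 0.25, seed + 1)
    return qber, ("abort" if qber > ABORT_QBER else "keep")


if __name__ == "__main__":
    for eve in (False, True):
        qber, verdict = session_verdict(20000, eve)
        print(f"eavesdropper={eve}: QBER={qber:.3f} -> {verdict}")
```

On an undisturbed channel the sifted keys match exactly; intercept-and-resend pushes the error rate to roughly 25%, which is the anomaly the two endpoints detect before using the key.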

Similarly, quantum technology will enable true random number generation. Random number generators (RNGs) are used in security protocols to create encryption and decryption keys and things like one-time passwords. However, today’s RNGs still follow some form of code, meaning that patterns could be detected over a large enough dataset. If this code is cracked, a bad actor could access a data file or an account.

However, the numbers derived from a quantum-powered RNG can be generated entirely randomly, meaning there is no way to discern what it will come up with. This true randomness will make it much harder to decipher, identify, or steal encrypted information, meaning companies that adopt quantum RNG can vastly improve the security of data transfers and communications.

Taking AI/ML to the next level

The greatest potential for quantum computing security applications is within artificial intelligence and machine learning (AI/ML).

There is already a huge scope for AI/ML in security. By feeding large datasets to machine-learning models, AI can be created that can assess and identify potential threats, whether that’s fraudulent behavior, suspicious transactions, or emails containing harmful malware. The issue today is that there is simply too much data for classical computers to process in a reasonable timeframe, limiting how much data can be fed into an AI/ML model and, thus how “smart” it can be or how accurate the results it produces will be.

But the speed advantage offered by quantum computing means that a quantum computer can take all that data, create connections, and feed those connections to an ML model, which a classical computer will still be able to run and operate. Quantum computing will allow you to create those models much more quickly and be more confident in the resulting algorithm. Alternatively, there is a possibility for AI/ML models to run entirely on the quantum computer, enhancing classification and regression capabilities.

Such AI/ML models will be much more accurate at neutralizing cybersecurity threats, such as by spotting phishing emails in an inbox or identifying suspicious user behavior perhaps caused by someone logging into a system using stolen credentials.

Thinking beyond cybersecurity, using quantum computing to improve AI/ML models has applications in many industries. For instance, it can improve the object-orientation algorithms needed for autonomous driving features, making roads safer. Similarly, quantum machines could process and analyze large amounts of CCTV or police bodycam footage recorded every day to identify criminal activity.

Meanwhile, the finance industry could benefit in multiple ways. More advanced ML algorithms could be used to improve credit risk analysis as well as for financial fraud detection. Also, high-frequency trading algorithms used by financial institutions have been connected to flash crashes in the stock market when these automated trading bots make errors; improving these algorithms through quantum data processing should limit these errors, adding stability to financial markets, as well as helping financial institutions generate more profit.

Then there is national security. As mentioned, quantum encryption is a key development, enabling governments to better protect communications and state secrets, but there’s also an exciting area of research called quantum metrology: the use of quantum computing in radar technology. Improving the ability to detect things in greater detail that otherwise may go unnoticed could provide key intel and early warning of potential threats, such as fighter jets, missiles or drones. Applying quantum-powered algorithms to analyze satellite imagery could also provide key battlefield intelligence in real-time, such as troop movements or the placement of defenses.

Ultimately, these are just a few ways that quantum computing provides opportunities for creating a safer, more secure world. By using quantum machines to process more information, at a faster pace, organizations will have the ability to create vastly more sophisticated AI. They can rely less heavily on heuristics or intelligent guesses and instead make more informed choices. While sufficiently powerful quantum computers are still some years away, there are exciting opportunities ahead.

The post Quantum computing will enable a safer, more secure world appeared first on Cybersecurity Insiders.

Scientists from Russia, working for Don State Technical University, have developed a new medium of communication through the technology of Quantum Teleportation. The researchers argue that the invention will play a vital role in protecting information from being stolen by hackers.

Olga Safaryan, a professor at the Information Systems Cybersecurity Department, explained the theory with a small example. In this case, messaging takes place through a physical device, such as electrons in an electric current.

Technically, the technique was already developed by those in the field of Quantum Cryptography. However, it has now been further researched and developed into a medium where the sending and receiving of data take place by physical means, based on the principles of quantum mechanics.

According to Safaryan, any clone developed from a source via the science of quantum mechanics can only exist if its source is destroyed. But in this cryptographic system, a new clone is added to improve the strength of the messages and prevent hacking of the system.

Olga added that eavesdropping on a communication channel can be avoided by augmenting the semantic part of the message with a set of symbols that cannot be read or understood by hackers.

NOTE: Quantum Teleportation is a kind of science that allows the transfer of data from a sender at one location to a receiver at another location. It is truly a part of quantum computing and has allowed scientists to teleport subatomic particles on computer chips, even if they were not physically linked. However, there is still much to be explored and understood in this field to bring transparency and clarity to the science of Quantum Teleportation.

The post Russian scientists develop new communication medium through quantum teleportation appeared first on Cybersecurity Insiders.

By: Craig Debban, Chief Information Security Officer, QuSecure, Inc.

As you may have noticed, daily headlines around quantum computing and its impact on technologies are becoming commonplace. This is driven by the fact that quantum computers will be able to perform certain types of calculations much faster than the classical computers we all use today. Due to this specific way of processing, quantum computers can also break many of the current encryption algorithms used to protect data. This is why CISOs everywhere should be concerned.

No, the sky isn’t falling, and the everyday use of quantum computers is not occurring en masse just yet. However, criminal and state actors are actively harvesting and storing data by listening in to communications, and this data will be decrypted by quantum computers in the future. The concept they are practicing is termed steal now, decrypt later (SNDL).

In a typical SNDL attack, the attacker gains access to encrypted data by intercepting network traffic, accessing data stores, or by using techniques such as social engineering or malware to gain access to critical information. Most likely this data is protected using current encryption algorithms and keys. By secretly exfiltrating this data, an adversary can decrypt its contents later and use all the gained resources at their disposal. You might think, “So what? It is safe, encrypted, and should take forever to decrypt.” That is a true statement today. However, SNDL attacks rely on the belief that current cryptographic algorithms will be broken and that the data will then be decrypted with the quantum computers on the horizon. Some data has a lengthy shelf-life, and the nefarious organizations are betting these encrypted items will become available in the future while the data still has a great deal of value.

Some examples of data that may be targeted and particularly damaging to your organization if stolen even years from now include:

  • Financial data: Data such as credit card numbers, bank account information, and other financial transactions. This data can be used for identity theft, fraudulent transactions, or other malicious purposes.
  • Confidential business information: Business plans, trade secrets, intellectual property, or other data points that can give adversaries a competitive advantage.
  • Personal information: Login credentials, social security numbers, medical records, or other personally identifiable information (PII) that can be used for identity theft or other malicious purposes.
  • Government secrets: Classified information, military secrets, or other sensitive government information that can be used for espionage.
  • Encrypted communication: Emails, chat messages, or other forms of communication that can reveal sensitive information or give the attacker access to additional systems or networks.

So the threat is real, but how should you address this?

The key here is to consider the availability of post-quantum cryptography (PQC) algorithms, which are designed to be resistant to quantum attacks. CISOs should begin to familiarize themselves with these and evaluate their potential suitability for adoption.

CISOs likely have a strong grasp of their organizations’ overall security posture, but consider taking another pass at it to explore areas that are especially vulnerable to quantum attacks. It’s worth reviewing the encryption being used to protect sensitive data today, and classes of that data itself. Once that ecosystem is understood and its supporting cryptology has been identified, CISOs should develop a plan that considers quantum-resistant technology. Solutions are available that enable post-quantum cryptography that operates on-premise and through a multi-cloud environment.

Your plan should also include a timeline for upgrades and implementing innovative solutions, and a budget and resource allocation plan. Depending on the complexity of your network, migrating to full quantum resilience across your company could take years. Qualifying that effort is another added value CISOs bring through this exercise. Giving your management team the context of what it will take in terms of operational spend, administrative commitment and engagements with outside resources allows them to truly process the level of effort.
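One way to turn the encryption review and migration timeline into a prioritized list is sketched below. This is an added example, not a QuSecure tool: the inventory rows, system names and column names are constructed, and the planning horizon for a cryptographically relevant quantum computer (CRQC) is an input you supply as an assumption. It separates key exchange, which is exposed to steal-now-decrypt-later today, from signatures, which are not retroactively exposed.

```python
import csv
import io

# Constructed sample inventory (hypothetical systems and values).
INVENTORY_CSV = """
system,key_exchange,signature,shelf_life_years,migration_years
payments-api,ECDHE-P256,RSA-2048,10,3
hr-records-vpn,RSA-2048,RSA-2048,30,4
marketing-site,X25519,ECDSA-P256,1,1
research-archive,X25519MLKEM768,ECDSA-P256,25,2
"""

# Algorithm families broken by Shor's algorithm on a CRQC.
CLASSICAL_KEX = ("RSA", "DH", "ECDH", "X25519", "X448")
CLASSICAL_SIG = ("RSA", "DSA", "ECDSA", "ED25519")
PQC_KEM_MARKERS = ("MLKEM", "ML-KEM")  # pure or hybrid post-quantum KEM


def kex_is_harvestable(kex):
    """Recorded traffic is decryptable later if the key exchange is
    purely classical; a hybrid with ML-KEM is not."""
    k = kex.upper()
    if any(marker in k for marker in PQC_KEM_MARKERS):
        return False
    return k.startswith(CLASSICAL_KEX)


def triage(inventory_csv, years_to_crqc):
    """Rank systems whose data outlives the assumed CRQC horizon.

    exposure = shelf life + migration time - years until a CRQC;
    a positive value means data captured today is still sensitive
    when it becomes decryptable.
    """
    harvest, sig_only = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv.strip())):
        exposure = (float(row["shelf_life_years"])
                    + float(row["migration_years"]) - years_to_crqc)
        if kex_is_harvestable(row["key_exchange"]):
            if exposure > 0:
                harvest.append((exposure, row["system"]))
        elif row["signature"].upper().startswith(CLASSICAL_SIG):
            # Confidentiality is covered; authentication still needs
            # migrating before a CRQC exists, but cannot be harvested.
            sig_only.append(row["system"])
    ranked = [name for _, name in sorted(harvest, reverse=True)]
    return {"harvest_now_risk": ranked, "signature_only": sig_only}


if __name__ == "__main__":
    # 10 years is a planning assumption, not a prediction.
    print(triage(INVENTORY_CSV, years_to_crqc=10))
```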

As a CISO, I readily admit a year ago I really didn’t understand what quantum was, why I should care, and the tangible threats it presented to cybersecurity. You may have staff in your company in the same situation. CISOs should include training with their plan and focus on the risks associated with quantum-based attacks to your organization. This may involve developing training programs or partnering with outside resources to provide guidance. The idea is to collectively raise the acumen within an organization to understand these threats, provide leadership on how you plan to deal with this risk, and improve your organization’s “human firewall” by raising awareness.

Once you have your plan, you are on track to protect your critical systems and data. One other consideration is to invest more in research and development. This may vary with your organization, but many organizations will be required to develop quantum-resistant cryptographic systems, or research other technologies that can help protect their specific service offerings against quantum attacks. This quantum resilience topic is new and changing rapidly, so finding the right subject matter expert is important. The process could involve collaborating with academic institutions, research organizations, the vendor community, and other industry partners to stay abreast of the latest developments in quantum computing and cryptography.

Lastly, CISOs should regularly review and update their organization’s security policies and procedures to ensure that they are aligned with best practices for the emerging quantum threat. This may involve updating encryption algorithms, strengthening access controls, and implementing additional security measures to protect the organization and its data.

The quantum computing threat poses a critical challenge, but with careful planning and preparation, it is possible for CISOs to mitigate this risk. Take some time to understand your vulnerabilities, develop a plan for transitioning, and consider the right investments into your people, tools, and procedures. With some thoughtful effort now, you can help ensure that your organization is prepared for the threat quantum computing will inherently bring.

The post Today’s CISO Insights – How to Tackle the Quantum Threat appeared first on Cybersecurity Insiders.