[By Rebecca Krauthamer, Chief Product Officer and Co-Founder of QuSecure; and Michelle Karlsberg, QuSecure Fellow]

Imagine a labyrinth, continuously twisting and turning, morphing its layout so just when you think you’ve identified a safe path, the landscape shifts. Navigating it would be a Herculean task. Welcome to the new world of cybersecurity – an ever-changing, intricate maze where new threats lurk around every corner. The biggest challenges of this digital labyrinth stem from the rise of intelligent technologies. Online hackers are our modern-day Hydra (in Greek mythology, a many-headed monster slain by Hercules that grew two new heads for each one cut off), and cutting-edge cyberattacks are their weapon of choice.

The wave that is cresting today is artificial intelligence, and right behind it is quantum computing. But these new technologies are not all evil. On the one hand, they lead to an age of unprecedented technological capabilities and advancements. On the other hand, they can be used to create brand-new threats, introducing vulnerabilities previously unimagined, leaving our current cybersecurity systems defenseless. As these threats continue to rise, one thing is clear: Our approach to cybersecurity must evolve. It’s time that we equip ourselves with advanced defenses to match these advanced threats. Organizations need to arm themselves with AI and quantum-resilient shields.

Artificial Intelligence and Advanced Threats

There is no limit to the new vulnerabilities that arise from AI and quantum computing. With each innovation and advancement, Pandora’s Box opens wider, unleashing a swarm of cryptographic threats.

One imminent threat is AI-based malware attacks. In a project to understand emerging cybersecurity threats, IBM Research developed DeepLocker in 2018. DeepLocker blends AI and traditional malware – foreseeing a dangerous threat on the horizon. According to IBM, “This AI-powered malware is particularly dangerous because, like nation-state malware, it could infect millions of systems without being detected. But, unlike nation-state malware, it is feasible in the civilian and commercial realms.” DeepLocker showed us the potential for a dangerous combination of AI and malware even five years ago, highlighting the urgency for new, robust, and agile defenses.

Fast forward to 2023: generative AI has hit the scene, and naturally hackers are already using this new technology for attacks. Today, cybercriminals are using ChatGPT and other large language models to write phishing emails and code malware. Check Point Research has found that, “Cyber criminals are working their way around ChatGPT’s restrictions and there is an active chatter in the underground forums disclosing how to use OpenAI API to bypass ChatGPT’s barriers and limitations.”

As we speed into the age of artificial intelligence, it’s clear that our current cybersecurity methods will not keep up. It is critical to continuously develop our defenses and remain agile to combat these emerging threats.

The Shield of Cryptographic Agility

In our ever-evolving digital labyrinth, cryptographic agility – cryptoagility for short – is a crucial defense mechanism. It gives us the capability to rapidly modify the use of cryptographic algorithms and keys, a necessary action to stay ahead of future evolving cybersecurity threats.

An example of the need for cryptoagility can be drawn from the 2014 Heartbleed Bug attacks. The bug revealed a crucial weakness, allowing attackers to read the memory of thousands of systems and steal valuable information. The companies that managed to recover quickly were those that demonstrated cryptoagility, swiftly replacing their compromised cryptographic keys and algorithms with new secure ones. This incident serves as a clear example of the importance of cryptoagility in our ongoing battle against dynamic cybersecurity threats.

Although the Heartbleed Bug has been solved, there is always a new threat on the horizon. Today, quantum computing is the threat that can break through all our defenses. Before all is lost, we must defend ourselves by adopting the cryptoagility available in today’s leading post-quantum cryptography (PQC) solutions. Evidence of the impending threat of quantum computing is already here, especially with techniques such as Store Now, Decrypt Later (SNDL) already in play. SNDL is a method in which encrypted data is stolen and stored until hackers can decrypt it later with a quantum computer. This signifies a looming threat. Data encrypted by today’s standards, but stored for future decryption, will be at risk since quantum computers will eventually break today’s encryption methods. Hence, SNDL is a ticking time bomb and a stark reminder of the urgency to upgrade our encryption methods to be quantum-safe. The PQC approach addresses the need for cryptoagility. With vulnerabilities such as SNDL presenting a clear and present danger, the time is now for a quantum leap in our cryptography.

As we navigate the challenges of an emerging quantum ecosystem, using agile quantum-resilient PQC solutions is our best approach. Such agility is not just about defending against threats but also about the capability to adapt and evolve in the quantum landscape.

The Future of Cybersecurity: AI-Powered Cryptoagility

As cybersecurity threats evolve and become increasingly advanced, it’s critical to not just keep pace but stay one step ahead. Looking to the future of cybersecurity, it’s clear that the integration of artificial intelligence and cryptoagility will play a pivotal role in our defense. This combination brings a proactive and dynamic approach to combatting the rising threats posed by AI and the emerging threats of quantum computing.

One way to integrate AI and cryptoagility is through threat detection. This is done using machine learning models to identify patterns in threat behavior, thus enabling a faster and more accurate response to cyberattacks. Furthermore, these AI models can predict future attacks by extrapolating patterns from past data, allowing preemptive measures to be taken. Such a system learns from every attack it counters, continually improving its models and becoming more efficient at predicting, detecting, and countering threats. Then cryptographic keys and algorithms can be automatically updated and swapped out the moment a potential threat is predicted or detected.

AI and cryptoagility together are a continuously evolving defense mechanism that learns and grows stronger with each passing moment. The future of cryptoagility will look vastly different from today’s relatively manual processes. AI-powered cryptoagility could become a real-time, proactive and adaptive process, not a reactive one.

As we stand on the verge of the AI and quantum age, it’s clear that the digital labyrinth will only become more complex and unpredictable, with formidable digital threats akin to the many-headed Hydra or the cunning Minotaur of ancient Greek myths. We must use AI and cryptoagility to our advantage, leveraging them in the battle against cyber threats.

Today’s cybersecurity leaders are the vanguards tasked with safeguarding our most invaluable digital asset – data. By wholeheartedly adopting crypto-agile post-quantum cryptography (PQC) to defend against quantum computing cyberthreats, these leaders are not merely defending our data. They’re pioneering a resilient digital future, ushering in a cutting-edge era of cybersecurity capable of countering any threat and adeptly navigating the intricate corridors of the digital security labyrinth.

The post Navigating the Labyrinth of Digital Cyberthreats Using AI-Powered Cryptographic Agility appeared first on Cybersecurity Insiders.

[By Paul Fuegner – QuSecure]

The rapid advances we are seeing in emerging technologies like AI, ML and quantum computing will have a devastating impact on organizations that are unprepared and have not considered updating their existing modes of asymmetric data encryption. As nation-states and threat actors continue to work hard to gain the upper hand and find new ways to infiltrate and steal data, it is very possible that our adversaries will gain the ability to decrypt virtually every secret possessed by the United States government and private industry that relies on asymmetric encryption. Everything from your bank accounts to the nuclear codes, and all data in between, is at risk now under this scenario, known as steal now, decrypt later (SNDL), otherwise known as screwed now, destroyed later.

Many cyberattacks are already automated, yet if we add in AI’s learning potential, these attacks could be dramatically increased in size, scale and disruption. With quantum, early planning is necessary as cyber threat actors are targeting data today that would still require protection in the future – the “steal now, decrypt later” plan.

Quantum is coming at a faster pace than anyone previously contemplated. In addition, the unprecedented power of quantum computers might enable nation-states and threat actors to crack the digital encryption system upon which the modern information and communication infrastructure depends. By breaking that encryption, quantum computing could jeopardize military communications, financial transactions, the support system for the global economy and even the foundations of liberty from which our society operates. 

Given the potential for AI to increase cyber threats exponentially, CISA, NSA, and NIST urge organizations to begin preparing now by creating quantum-readiness roadmaps, applying risk assessments and analysis, and engaging vendors to test solutions that involve crypto agility and quantum resilience leading to a zero-trust architecture.

Changes That Can Happen Right Now – Crypto Agility is a Must Have  

Crypto agility allows organizations to apply any of the NIST Post Quantum Cryptography (PQC) candidates or their own custom developed algorithms.  Quantum-resilience providers then create a hyper encrypted trusted channel resilient to the threat of decryption from quantum-based computers. Any adversary will be unable to identify that PQC has been employed and will waste valuable time and compute power collecting data that they will never be able to decrypt.  

Much of the cryptography that we use today was first invented in the late ’70s. Most of our society fundamentally runs on the same cryptographic schemes, albeit with increased key sizes. And while these cryptographic methods might be effective against classical computers, they simply do not stand a chance against the combined force of AI and quantum computing. 

Here are some steps that you can take to bolster defenses for an AI / Quantum future:  

1. Begin with a cryptographic assessment: 

This will help determine which cryptographic schemes you are using, where they are located, and which ones are most vulnerable to AI and quantum attacks. This can help in identifying any weaknesses or vulnerabilities in these algorithms or deployments, leading to the development of more secure cryptographic techniques. 

2. Implement an orchestrated, cryptographic agility approach: 

This means you have an effortless way to change cryptography if it is breached, or for any other reason. Orchestrated cryptographic agility, powered by AI, could have the potential to stay one step ahead of attackers by shifting algorithms and keys so hackers see no consistent patterns. Given that multiple post-quantum algorithms are being proposed and developed, AI can assist in determining which of these algorithms is best suited for a particular use case, based on factors such as security, performance and available resources. 

3. Consider quantum resilient technologies: 

There are several innovative technologies to consider when aiming to ensure cyber resilience within your organization. Post-quantum cryptography (PQC), for example, uses new cryptographic algorithms that are resistant to quantum computers and may also help with AI-based attacks. You can learn more about new, approved cybersecurity standards by going to the National Institute of Standards and Technology (NIST) website. 

4. Address the entire network including servers, cloud and edge: 

Think of phones, laptops, servers behind the firewall, cloud-based servers and even satellites. For rapid, scalable, advanced cryptographic deployment, look for PQC that can be deployed without installing anything on edge devices. This will make it much easier and quicker to secure your organization as there is no change to the endpoint or user experience.

5. Use AI and ML for security: 

AI or machine learning (ML) can be used to manage and dynamically update security policies based on the threat landscape. Think of active defense, active attack mitigation and more to ensure that you are set for the future. 

6. Use AI for cryptanalysis: 

AI can be used for cryptanalysis of post-quantum cryptographic algorithms. This can help in identifying any weaknesses or vulnerabilities in these algorithms, leading to the development of more secure cryptographic techniques. 
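The cryptographic assessment in step 1 can be tied to the steal now, decrypt later risk by ranking systems on how long their data must stay secret. The following is an added example, not code from the article or from QuSecure; the asset names, algorithm labels and the `years_to_crqc` planning horizon are constructed assumptions, and the ranking uses Mosca's inequality, which the article does not name.

```python
from dataclasses import dataclass

# Public-key families whose hardness assumptions fall to Shor's algorithm.
SHOR_BROKEN = ("RSA", "DH", "DSA", "ECDH", "ECDSA", "X25519", "ED25519")

@dataclass
class Asset:
    name: str
    key_exchange: str      # e.g. "ECDHE-P256" or hybrid "X25519+ML-KEM-768"
    shelf_life_years: int  # how long the protected data must stay secret
    migration_years: int   # estimated time to move this system to PQC

def quantum_vulnerable(key_exchange: str) -> bool:
    """A hybrid is only vulnerable if every component is Shor-breakable."""
    parts = [p.strip().upper() for p in key_exchange.split("+")]
    return all(p.startswith(SHOR_BROKEN) for p in parts)

def sndl_margin(asset: Asset, years_to_crqc: int) -> int:
    """Mosca's inequality: exposed when shelf life + migration > time to a
    cryptographically relevant quantum computer (CRQC). A positive result is
    the number of years the secrecy requirement outlasts that arrival."""
    return asset.shelf_life_years + asset.migration_years - years_to_crqc

def assess(inventory, years_to_crqc):
    """Return (name, margin) for SNDL-exposed assets, most urgent first."""
    exposed = [
        (a.name, sndl_margin(a, years_to_crqc))
        for a in inventory
        if quantum_vulnerable(a.key_exchange)
        and sndl_margin(a, years_to_crqc) > 0
    ]
    return sorted(exposed, key=lambda item: item[1], reverse=True)

# Constructed sample inventory (hypothetical systems, not from the article).
INVENTORY = [
    Asset("vpn-gateway", "RSA-2048", shelf_life_years=25, migration_years=3),
    Asset("public-web", "ECDHE-P256", shelf_life_years=1, migration_years=2),
    Asset("hr-archive-sync", "DHE-2048", shelf_life_years=10, migration_years=4),
    Asset("partner-api", "X25519+ML-KEM-768", shelf_life_years=15, migration_years=1),
]

if __name__ == "__main__":
    # years_to_crqc is a planning assumption, not a forecast.
    for name, margin in assess(INVENTORY, years_to_crqc=10):
        print(f"{name}: migrate first, secrecy outlasts CRQC by {margin} years")
```

Short-lived data behind a classical key exchange drops off the list, while long-lived data rises to the top even when its migration is quick, which is the ordering an SNDL-driven roadmap needs.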

It is important to know that new quantum safe encryption methods can be deployed now. The challenge is to make them work with existing encryption algorithms. Through crypto-agility, advanced quantum secure encryption solutions can map the network and identify which encryption algorithms and protocols are being employed for security between endpoints and servers. These solutions can deploy a proxy that can “speak” with each protocol being used between clients and encapsulate the data being sent with post-quantum resilient encryption. 

The days of relying on outdated encryption algorithms are gone.  Don’t let the fear of quantum computing hold you back from achieving digital transformation and quantum safety today. The time is now to understand AI and quantum threats and work to ensure your data and networks are resilient against powerful unexpected adversarial threats. Too much is at stake to find yourself screwed now and destroyed later.

The post It’s time to bolster defenses for an AI / Quantum Future appeared first on Cybersecurity Insiders.

[By Craig Debban, CISO of QuSecure]

Have you ever been on a trip and realized that you forgot to pack something important? It’s easy to overlook things during the hustle and bustle of traveling, especially during the holidays. Unfortunately, cybercriminals take advantage of this hectic time to target holiday shoppers and travelers. Their goal is to catch you off guard when or where you least expect it. Additionally, if you’re like me, you might be doing some last-minute shopping and looking for the perfect gift. Some tips to consider are below:

Secure your devices when they are not in use

Never leave your phone, tablet, or computer unattended. Try to take your device with you wherever you go. If you do need to step away, lock your device. Then, ask a trusted friend or family member to keep your device safe while you’re gone.

Beware of Public Wi-Fi

Always disable the option to automatically connect to Wi-Fi networks on your phone, tablet, or computer. Instead, manually choose which network you’d like to join. Only use Wi-Fi networks that you know are safe, and never connect to random hot-spots.

Never install unfamiliar software

There are hundreds of shopping apps out there. Some of these apps may be malicious, so only use apps that you know and trust. When you download software or apps, be sure to download from verified sources such as the App Store or Google Play. You can verify that an app is legitimate by reading the app’s reviews, checking the number of app downloads, and looking up the app’s developer.

Verify links before clicking

Watch out for malicious advertisements, otherwise known as malvertising. Malvertising is when cybercriminals use ads to spread malware or to trick users into providing sensitive information. When online shopping, only click on an ad or link from a reputable source, such as a retailer’s official social media profile. To be extra careful, use your browser to navigate to the store’s official website to shop instead.

Verify attachments are safe before downloading them

A common tactic among cybercriminals is to create phony email notifications from a retailer or postal service. These notifications often include a malicious attachment. The cybercriminals may claim that there was an update to your order or that your package has been delayed, but you’ll have to download the attachment to find out more. Don’t fall for this trick! Before you open the attachment, contact the retailer or postal service to verify that the notification is legitimate. You can also look up your order directly on the website where you made the purchase.

This is a popular time for cybercriminals to look for ways to scam you. Don’t let criminals ruin your holiday plans!

The post Cybersecurity Tips to Stay Safe this Holiday Season appeared first on Cybersecurity Insiders.