Scientists from Russia, working for Don State Technical University, have developed a new medium of communication through the technology of Quantum Teleportation. The researchers argue that the invention will play a vital role in protecting information from being stolen by hackers.

Olga Safaryan, a professor at the Information Systems Cybersecurity Department, explained the theory with a small example. In this case, messaging takes place through a physical device, such as electrons in an electric current.

Technically, the technique was already developed by those in the field of Quantum Cryptography. However, it has now been further researched and developed into a medium where the sending and receiving of data take place by physical means, based on the principles of quantum mechanics.

According to Safaryan, any clone developed from a source via the science of quantum mechanics can only exist if its source is destroyed. But in this cryptographic system, a new clone is added to improve the strength of the messages and prevent hacking of the system.

Olga added that eavesdropping on a communication channel can be avoided by augmenting the semantic part of the message with a set of symbols that cannot be read or understood by hackers.

NOTE: Quantum Teleportation is a kind of science that allows the transfer of data from a sender at one location to a receiver at another location. It is truly a part of quantum computing and has allowed scientists to teleport subatomic particles on computer chips, even if they were not physically linked. However, there is still much to be explored and understood in this field to bring transparency and clarity to the science of Quantum Teleportation.

The post Russian scientists develop new communication medium through quantum teleportation appeared first on Cybersecurity Insiders.

By: Craig Debban, Chief Information Security Officer, QuSecure, Inc.

As you may have noticed, daily headlines around quantum computing and its impact on technologies are becoming commonplace. This is driven by the fact that quantum computers will be able to perform certain types of calculations much faster than the classical computers we all use today. Due to this specific way of processing, quantum computers can also break many of the current encryption algorithms used to protect data. This is why CISOs everywhere should be concerned.

No, the sky isn’t falling, and the everyday use of quantum computers is not occurring en masse just yet. However, criminal and state actors are actively harvesting and storing data by listening in to communications, and this data will be decrypted by quantum computers in the future. The concept they are practicing is termed steal now, decrypt later (SNDL).

In a typical SNDL attack, the attacker gains access to encrypted data by intercepting network traffic, accessing data stores, or by using techniques such as social engineering or malware to gain access to critical information. Most likely this data is protected using current encryption algorithms and keys. By secretly exfiltrating this data, an adversary can decrypt its contents later, using all the resources at their disposal. You might think, “So what? It is safe, encrypted, and should take forever to decrypt.” That is a true statement today. However, SNDL attacks rely on the belief that current cryptographic algorithms will be broken and the data then decrypted by the quantum computers on the horizon. Some data has a lengthy shelf-life, and the nefarious organizations are betting that these encrypted items will become readable in the future while the data still has a great deal of value.

Some examples of data that may be targeted and particularly damaging to your organization if stolen even years from now include:

  • Financial data: Data such as credit card numbers, bank account information, and other financial transactions. This data can be used for identity theft, fraudulent transactions, or other malicious purposes.
  • Confidential business information: Business plans, trade secrets, intellectual property, or other data points that can give adversaries a competitive advantage.
  • Personal information: Login credentials, social security numbers, medical records, or other personally identifiable information (PII) that can be used for identity theft or other malicious purposes.
  • Government secrets: Classified information, military secrets, or other sensitive government information that can be used for espionage.
  • Encrypted communication: Emails, chat messages, or other forms of communication that can reveal sensitive information or give the attacker access to additional systems or networks.

So the threat is real, but how should you address this?

The key here is to consider the availability of post-quantum cryptography (PQC) algorithms, which are designed to be resistant to quantum attacks. CISOs should begin to familiarize themselves with these and evaluate their potential suitability for adoption.

CISOs likely have a strong grasp of their organizations’ overall security posture, but consider taking another pass at it to explore areas that are especially vulnerable to quantum attacks. It’s worth reviewing the encryption being used to protect sensitive data today, and classes of that data itself. Once that ecosystem is understood and its supporting cryptology has been identified, CISOs should develop a plan that considers quantum-resistant technology. Solutions are available that enable post-quantum cryptography that operates on-premise and through a multi-cloud environment.

Your plan should also include a timeline for upgrades and implementing innovative solutions, and a budget and resource allocation plan. Depending on the complexity of your network, migrating to full quantum resilience across your company could take years. Qualifying that effort is another added value CISOs bring through this exercise. Giving your management team the context of what it will take in terms of operational spend, administrative commitment and engagements with outside resources allows them to truly process the level of effort.

As a CISO, I readily admit a year ago I really didn’t understand what quantum was, why I should care, and the tangible threats it presented to cybersecurity. You may have staff in your company in the same situation. CISOs should include training with their plan and focus on the risks associated with quantum-based attacks to your organization. This may involve developing training programs or partnering with outside resources to provide guidance. The idea is to collectively raise the acumen within an organization to understand these threats, provide leadership on how you plan to deal with this risk, and improve your organization’s “human firewall” by raising awareness.

Once you have your plan, you are on track to protect your critical systems and data. One other consideration is to invest more in research and development. This may vary with your organization, but many organizations will be required to develop quantum-resistant cryptographic systems, or research other technologies that can help protect their specific service offerings against quantum attacks. This quantum resilience topic is new and changing rapidly, so finding the right subject matter expert is important. The process could involve collaborating with academic institutions, research organizations, the vendor community, and other industry partners to stay abreast of the latest developments in quantum computing and cryptography.

Lastly, CISOs should regularly review and update their organization’s security policies and procedures to ensure that they are aligned with best practices for the emerging quantum threat. This may involve updating encryption algorithms, strengthening access controls, and implementing additional security measures to protect the organization and its data.

The quantum computing threat poses a critical challenge, but with careful planning and preparation, it is possible for CISOs to mitigate this risk. Take some time to understand your vulnerabilities, develop a plan for transitioning, and consider the right investments into your people, tools, and procedures. With some thoughtful effort now, you can help ensure that your organization is prepared for the threat quantum computing will inherently bring.

The post Today’s CISO Insights – How to Tackle the Quantum Threat appeared first on Cybersecurity Insiders.

Joe Biden and his administration seem to be in a forward-thinking gear on quantum-technology-linked cyber attacks leading to data breaches. On December 21st, 2022, the Senate passed a bipartisan bill to prevent data breaches emerging from quantum computing.

The Quantum Computing Cybersecurity Preparedness Act was made into legislation that prevents the use of quantum computing technology to decrypt stolen information, as it can break any kind of cryptographic algorithm.

The latest bill also urges companies to maintain an inventory of all their IT assets that are vulnerable to quantum-enabled data breaches and to maintain a progress sheet on migrating their digital infrastructure to post-quantum cryptography.

Except for the National Security Systems, all other federal agencies are required to follow the inventory and the post-quantum cryptography standards prescribed by NIST. And from May 2023, they need to follow the migration guidelines prescribed by the Office of Management and Budget (OMB).

NOTE 1- According to a discussion on Reddit, a 128-bit encryption standard can take at least 3 months to break and a 256-bit key might take even longer. However, AES-256 is believed to be quantum resistant, as it can yield many brute force iterations.

NOTE 2- All these days, we were worried about protecting computer networks from cyber warfare. Now, security researchers are encouraging IT engineers to develop an infrastructure that is quantum proof.

Perhaps it’s high time to think about the deployment of quantum-proof encryption on servers storing and processing financial, healthcare, retail and manufacturing info, isn’t it?

The post Biden administration passes bill against Quantum Computing Data Breaches appeared first on Cybersecurity Insiders.

The Quantum ransomware gang has this time struck a government agency in the Dominican Republic and is demanding $600,000 to free up the data from encryption. According to a spokesperson from the Dominican Republic’s Instituto Agrario Dominicano, the attack locked down access to 4 physical servers and 8 virtual servers of the agency.

Preliminary investigations revealed that the attack was linked to IP addresses operating in United and Russia. But the law enforcement agencies state that the attack could have been organized through proxies and might be the work of North Korean hackers.

The Quantum hackers claim the hack led to the theft of about 1TB of data, and if the ransom is not paid on time, the threat actors are threatening to either release or sell that data via the dark web.

The National Cybersecurity Centre (CNCS) estimates that all the applications, email servers and databases were affected by the incident and has assured that it will recover from this malware attack in no time, all thanks to an efficient business continuity plan that is already in place.

NOTE 1- Till September 2020, a ransomware named MountLocker was operating in the wild. Apparently, Quantum is the same version of MountLocker and was previously known by names such as AstroLocker and XingLocker.

NOTE 2- Most of the gangs spreading file-encrypting malware are nowadays indulging in double-extortion tactics. First, they steal data from the victim server and then lock it down from access until a ransom is paid. And if the victim cannot pay the ransom or refuses to pay it, the threat actors sell that data to interested parties such as marketing firms or to individual hackers or, in rare cases, to state-funded hacking groups.

The post Dominican Republic’s Institute Agrario Dominicano suffers Quantum Ransomware Attack appeared first on Cybersecurity Insiders.