‘Harvest now, decrypt later’: why hackers are waiting for quantum computing



Hackers are waiting for the moment when quantum computing breaks cryptography and enables the mass decryption of information stolen years earlier. In preparation, they are collecting even more encrypted data than usual. Here’s what companies can do in response.

Why do hackers collect encrypted data?

Most modern organizations encrypt several critical aspects of their operations. In fact, approximately eight out of ten companies make extensive or partial use of enterprise-level encryption for databases, archives, internal networks and Internet communications. After all, it is a best practice in cybersecurity.

Alarmingly, cybersecurity experts are increasingly concerned that cybercriminals are stealing encrypted data and waiting for the right moment to strike. Their concerns are not unfounded – more than 70% of ransomware attacks now exfiltrate information before encryption.

The “harvest now, decrypt later” phenomenon of cyberattacks – where attackers steal encrypted information in the hope that they can eventually decrypt it – is becoming increasingly common. As quantum computing technology develops, it will only become more common.

How ‘harvest now, decrypt later’ works

Quantum computers make the ‘harvest now, decrypt later’ phenomenon possible. In the past, encryption was enough to deter cybercriminals – or at least render their efforts futile. Unfortunately, that is no longer the case.

While classical computers work with binary digits (bits) that can be a one or a zero, their quantum counterparts use quantum bits called qubits. Qubits can exist in two states simultaneously thanks to superposition.

Because qubits can be a one and a zero at the same time, the processing speeds of quantum computers far exceed those of classical machines. Cybersecurity experts fear they will render modern ciphers – i.e. encryption algorithms – useless, leading to exfiltration-driven cyberattacks.


Encryption converts data, also called plaintext, into a string of arbitrary, indecipherable code called ciphertext. Ciphers do this using complex mathematical formulas that are technically impossible to decode without a decryption key. However, quantum computers are changing things.

While a classical computer would take 300 trillion years or more to decrypt a 2,048-bit Rivest-Shamir-Adleman (RSA) encryption, a quantum computer could crack it in seconds, thanks to qubits. The catch is that this technology is not available everywhere; only places like research institutions and government labs can afford it.

That won’t deter cybercriminals, as quantum computing technology could become accessible within a decade. To prepare, they use cyberattacks to steal encrypted data and plan to decrypt it later.

What types of data do hackers collect?

Hackers typically steal personally identifiable information such as names, addresses, job titles, and Social Security numbers because they enable identity theft. Account information, such as company credit card numbers or bank account information, is also highly sought after.

Quantum computing allows hackers to access anything that is encrypted; data storage systems are no longer their primary focus. They can eavesdrop on the connection between a Web browser and a server, read communications between programs, or intercept information in transit.

Human resources, IT and accounting departments still pose major risks to the average company. However, companies also have to worry about their infrastructure, suppliers and communication protocols. After all, both client- and server-side encryption will soon be fair game.

The consequences of qubits breaking encryption

Companies may not even realize they have been hit by a data breach until the attackers use quantum computing to decrypt the stolen information. It may be business as usual until there is a sudden increase in account takeovers, identity theft, cyber attacks and phishing attempts.

Legal issues and fines would likely follow. Considering the average cost of a data breach increased from $4.35 million in 2022 to $4.45 million in 2023 – an increase of 2.3% year over year – the financial losses could be devastating.

In the wake of quantum computing, companies can no longer rely on ciphers to securely communicate, share files, store data or use the cloud. Their databases, archives, digital signatures, Internet communications, hard drives, email and internal networks will soon be vulnerable. Unless they find an alternative, they may have to return to paper-based systems.

Why prepare if quantum is not there yet?

While the potential for broken cryptography is alarming, decision makers should not panic. The average hacker won’t be able to get their hands on a quantum computer for years – perhaps even decades – because they are incredibly expensive, labor-intensive, sensitive and error-prone if not kept in ideal conditions.

To clarify: these sensitive machines must remain just above absolute zero (-459 degrees Fahrenheit to be precise) because thermal noise can disrupt their operation.

However, quantum computing technology is making progress every day. Researchers are trying to make these computers smaller, easier to use and more reliable. Soon they could become so accessible that the average person can own one.

A China-based startup recently unveiled the world’s first consumer portable quantum computers. The Triangulum — the most expensive model — offers the power of three qubits for about $58,000. The two cheaper versions with two qubits can be purchased for less than $10,000.

While these machines pale in comparison to the powerful computers found in research institutions and government-funded laboratories, they prove that the world is not far from quantum computing technology for the masses. In other words, decision makers must act now instead of waiting until it is too late.

Furthermore, the average hacker is not the one companies should worry about; well-funded threat groups pose a much greater threat. A world where a nation state or business competitor can pay for quantum computing as a service to steal intellectual property, financial data or trade secrets could soon become a reality.


What can companies do to protect themselves?

There are a few steps business leaders should take to prepare for quantum computing to crack cryptography.

1. Use post-quantum ciphers

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) plan to release post-quantum cryptographic standards soon. The agencies use the latest techniques to create ciphers that quantum computers cannot crack. Companies would be wise to adopt them after release.

2. Improve breach detection

Indicators of compromise – signs that a network or system compromise has occurred – can help security professionals respond quickly to data breaches, potentially rendering the stolen data unusable to the attackers. For example, they can immediately change the passwords of all employees if they notice that hackers have stolen account information.

3. Use a quantum-safe VPN

A quantum-safe virtual private network (VPN) protects data in transit and prevents exfiltration and eavesdropping. One expert claims that consumers can expect them soon, as they are in the testing phase as of 2024. Companies would be wise to adopt these types of solutions.

4. Move sensitive data

Decision makers must ask whether the information bad actors steal will still be relevant when decrypted. They must also consider the worst-case scenario to understand the level of risk. From there, they can decide whether or not to move sensitive data.

One option is to transfer the data to a heavily guarded or continuously monitored paper filing system, which will completely prevent cyber attacks. The more viable solution is to store it on a local network not connected to the public Internet, and segment it with security and authorization controls.
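The questions in steps 1 and 4 can be turned into a repeatable triage, sketched below as an added example that is not part of the original article. It goes one step beyond the text by also counting the time a migration to post-quantum ciphers would take; the `Asset` fields, the sample inventory, the planning year 2034 (standing in for "within a decade") and the three-year migration estimate are all assumptions.

```python
from dataclasses import dataclass

# Public-key families a large quantum computer is expected to break.
# The article names RSA; the others are added from general knowledge.
QUANTUM_VULNERABLE = ("RSA", "DH", "ECDH", "DSA", "ECDSA")

@dataclass
class Asset:
    name: str
    key_algorithm: str     # algorithm protecting the data-encryption key
    sensitive_years: int   # how long disclosure would still cause harm
    exposed: bool          # stored on or sent over internet-reachable systems

def triage(assets, today, quantum_year, migration_years):
    """Return {asset name: action} for a harvest-now, decrypt-later review."""
    actions = {}
    for a in assets:
        if not a.key_algorithm.upper().startswith(QUANTUM_VULNERABLE):
            actions[a.name] = "ok"
        elif a.exposed and today + a.sensitive_years > quantum_year:
            # Ciphertext copied today is still sensitive once it is readable.
            actions[a.name] = "isolate-now"
        elif today + migration_years + a.sensitive_years > quantum_year:
            # Data produced before migration finishes outlives the deadline.
            actions[a.name] = "migrate-first"
        else:
            actions[a.name] = "low"
    return actions

# Constructed sample inventory; every value here is an assumption.
INVENTORY = [
    Asset("hr-records", "RSA-2048", 30, True),
    Asset("trade-secrets-archive", "ECDH-P256", 15, False),
    Asset("quarterly-forecast", "RSA-2048", 8, True),
    Asset("session-tokens", "RSA-2048", 1, True),
    Asset("vpn-tunnel", "ML-KEM-768", 20, True),
]

def demo():
    # Planning inputs are assumptions, not figures from the article.
    return triage(INVENTORY, today=2024, quantum_year=2034, migration_years=3)

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:24} {action}")
```

Assets marked `isolate-now` are the candidates for the offline or segmented storage described above, while `migrate-first` assets are safe today but would cross the deadline if the move to post-quantum ciphers is delayed.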

Decision makers must start preparing now

Although quantum-based cracking of cryptography is still years – perhaps even decades – away, it will have disastrous consequences once it arrives. Business leaders must develop a post-quantum plan now to ensure they are not caught by surprise.

Zac Amos is editor-in-chief at ReHack.

