A quantum security break-though claim generates a quantum-sized controversy.
Welcome to Cyber Security Today. It’s Friday, January 6th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A claim by Chinese researchers to have found a way that a quantum computer of today can break the RSA public-key encryption system has experts divided. If true, it would be shocking: Most experts think it will be many years before it’s possible to break current RSA encryption — if at all. However, the Chinese researchers think it can be done with a quantum computer with 372 qubits. By comparison, IBM’s Osprey quantum computer has 433 qubits. The thing is, the Chinese could only practice on a machine with 10 qubits — and only on 48-bit encrypted numbers. RSA’s encryption algorithm has 2,048 bits. So is the RSA encryption system under threat? As encryption expert Bruce Schneier wrote this week, we don’t have enough evidence yet to know. Schneier quotes one expert saying it would take a miracle for the proposed Chinese solution to work.
For some reason December was a busy month for threat actors. Several ransomware attacks have been reported. In addition, hundreds of U.S. counties were forced to work with paper after a cyberattack last week on their digital records management provider, called Cott Systems. According to Data Breach Today the attack knocked out the ability of some government offices to access online records. The story says Cott serves over 400 local governments across 21 states.
There is also some good news to start the year: Bitdefender has released a free decryptor for organizations hit by the MegaCortex ransomware strain. It was built with the help of Europol, the NoMoreRansom project and law enforcement authorities in Zurich.
Threat actors can take advantage of a newly-announced vulnerability within days, if not hours. The latest evidence is in a report from eSentire on an authentication bypass vulnerability in several Fortinet products. Fortinet announced the discovery last October. Three days later a proof of concept code for exploiting the hole was publicly released. Not long afterward eSentire researchers saw hackers buying and selling access to compromised Fortinet devices. In November eSentire intercepted and shut down a ransomware attack on a Canadian college and an unnamed global investment firm through a Fortinet VPN. One lesson: IT teams need to patch important network devices as soon as fixes are available. A link to the report is in the text version of this podcast at ITWorldCanada.com.
There’s more evidence of the need for cloud services platforms to tighten their security. It comes from researchers at Palo Alto Networks, who looked into the discovery last year of a South African-based gang abusing GitHub to open hundreds of accounts for mining cryptocurrency. In a report this week researchers said the gang’s operations are bigger than suspected. It has created more than 130,000 accounts on GitHub, Heroku, Togglebox and other cloud services. And it isn’t just using what’s called “freejacking,” which is the abuse of temporary free accounts. The gang is also using a tactic called “play and run,” where it uses a service and then runs instead of paying. In addition, the report says the gang was able to evade GitHub’s CAPTCHA security check
Finally, if you have a new IT security team, a just-released short primer on the biggest ransomware gangs released this week by Trustwave may be a good introduction. It has background on the Hive, LockBit, BlackCat/ALPHV and BlackBasta gangs. There’s a link to the blog in the text version of this podcast at ITWorldCanada.com.
That’s it for now. But later today the Week in Review edition will be out. Guest commentator David Shipley and I will discuss the self-imposed rules ransomware gangs create to supposedly limit who they hit, the increasing theft of digital ID tokens and how ChatGPT might be used by crooks.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.