As the world anticipates quantum computing, many believe it has potential benefits for every industry. Equally excited and awaiting its rollout is the hacker community who could use these powerful quantum computers to compromise the digital systems we use daily including online banking and email software
The US Cybersecurity and Infrastructure Security Agency (CISA) has already warned that organizations need to take action to protect network infrastructure for the transition to post-quantum cryptography.
Many governments believe that quantum computers can be used to break public-key encryption methods that countless networks use today. A fully-functioning and stable high-qubit quantum machine could potentially wreak havoc across the internet. It will lead to the vulnerability of secure networks and loss of public confidence in major institutions and businesses
The good news is that these governments are developing post-quantum encryption schemes. For instance, the US National Institute of Standards and Technology (NIST) has been running multi-year effort since 2016 calling upon cryptographers around the world to devise quantum-resistant encryption methods. It aims to standardize one or more quantum-resistant cryptographic schemes to foster a transition to seamless security for the general public.
What is Quantum Computing?
Quantum Computing focuses on the development of computer-based technology hinged on the principles of a quantum theory. Experts believe the present experimental quantum computers can render the conventional system obsolete. Its benefits include advanced research, higher-level simulation, and accelerated growth of artificial intelligence models.
Is Quantum Computing a Risk?
Despite these promising benefits, there are concerns about some negative implications which include ethical and security risks for businesses, quantum attacks from hostile nation-states, and exacerbating current issues like data harvesting.
CISA’s Stance on Quantum Threats
CISA asserts that critical infrastructure is more at risk largely due to the public-key cryptography that U.S. networks rely on to secure sensitive data.
CISA provides insight to all critical infrastructure owners to have a successful transition in their Post-Quantum Cryptography Roadmap. The roadmap stipulates the following measures:
- Taking actionable steps like inventory assessments of current cryptography technologies.
- Developing acquisition policies for post-quantum cryptography.
- Training staff about the upcoming transition from conventional to quantum computers is necessary.
- Increasing engagement with standards developments relating to necessary algorithms and dependent protocol changes.
- Managing inventory assessments and the security of critical datasets for an extended time.
- Organizations must identify systems where public key cryptography is used and mark these systems as quantum vulnerable.
Preparing Organizations for the Quantum Threat to Cryptography
Many believe the time to worry about quantum computers threats is in a decade — but it’s sooner than we think. The process of adopting new standards usually takes years so it is crucial to begin planning for quantum-resistant cryptography now.
Organizations need to make arrangements and budget for a transition plan. This should include upgrading IT systems and deploying standardized quantum-resistant cryptography. They also need to be aware of how vendors plan to upgrade software and hardware. The preparation process should include software upgrades, and system patch delivery to systems using cryptography. They should also ensure the security of these upgrades and authenticate the source.
Moreover, organizations need to take advantage of agencies promoting awareness of quantum computers’ impact on cryptography. These agencies also provide steps to prepare for the transition to quantum-resistant cryptography when it comes.
The agencies partner with others to evaluate the next generation of quantum-resistant cryptography. The aim is to replace current cryptographic applications.
The Challenges With the Quantum Resistance Ahead
New technologies come with new opportunities and new risks — and quantum computers are no exception.
Building a large-scale quantum computer already has several challenges – fabrication, verification, and architecture. The technology derives its power from the ability to store a complex state in a single bit. Unfortunately, this also rather complicates the process of building, designing, and verifying. The verification issue is a cause of concern since it affects communication mechanisms, control circuitry for quantum operations, and more. Moreover, there’s no telling if it impacts the security of data within the technology itself.
Code breaking is another area of focus. An easy way to break codes in conventional computers is to try all possible keys. However, it is a much longer and difficult process. Quantum computing uses Grover’s algorithm to speed up this process. Another method called Shor’s algorithm is capable of breaking or weakening cryptographic algorithms within hours.
The potential for harm from quantum threats here becomes huge. Once encryption methods get broken, trust in data transmission becomes low. Cybercriminals will find it easy to create bogus certificates that call for the validity of a digital identity.
The technology’s effect would render communications as insecure as if encoding didn’t even exist. While there are a lot of worries about quantum computing, these fears remain hypothetical. Today’s quantum computing cannot break any commonly used encryption methods. However, concern for the vital security of our global network infrastructure and data drives the immense effort to counter a potential future of quantum threats.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。
攻擊手法為駭客利用ProxyShell漏洞攻擊受害企業的Exchange伺服器,並植入Web Shell來持續在網路環境進行後續行動,接著,駭客利用Mimikatz、EarthWorm、ReGeorg、NBTscan進行偵察,然後部署PowerShell後門程式PowHeartBeat,以及惡意程式載入器PNGLoad。
-jpg.jpeg?ssl=1)
