Profero Cracks DarkBit Ransomware Encryption After Israel-Iran Cyberattack Links

 

Cybersecurity company Profero managed to break the encryption scheme used by the DarkBit ransomware group, allowing victims to restore their systems without having to pay a ransom. This achievement came during a 2023 incident response investigation, when Profero was called in to assist a client whose VMware ESXi servers had been locked by the malware. 

The timing of the breach coincided with escalating tensions between Israel and Iran, following drone strikes on an Iranian Defense Ministry weapons facility, raising suspicions that the ransomware attack had political motivations. The attackers behind the campaign claimed to represent DarkBit, a group that had previously posed as pro-Iranian hacktivists and had targeted Israeli universities. Their ransom messages included strong anti-Israel rhetoric and demanded payments amounting to 80 Bitcoin. 

Israel’s National Cyber Command later attributed the operation to MuddyWater, a well-known Iranian state-backed advanced persistent threat group that has a history of conducting espionage and disruption campaigns. Unlike conventional ransomware operators who typically pursue ransom negotiations, the DarkBit actors appeared less concerned with money and more focused on causing business disruption and reputational harm, signaling motivations that aligned with state-directed influence campaigns. 

When the attack was discovered, no publicly available decryptor existed for DarkBit. To overcome this, Profero researchers analyzed the malware in detail and found flaws in its encryption process. DarkBit used AES-128-CBC keys created at runtime, which were then encrypted with RSA-2048 and appended to each locked file. However, the method used to generate encryption keys lacked randomness. By combining this weakness with encryption timestamps gleaned from file modification data, the researchers were able to shrink the possible keyspace to just a few billion combinations—far more manageable than expected. 

The team further capitalized on the fact that Virtual Machine Disk (VMDK) files, common on ESXi servers, include predictable header bytes. Instead of brute forcing an entire file, they only needed to check the first 16 bytes to validate potential keys. Profero built a custom tool capable of generating key and initialization vector pairs, which they tested against these known file headers in a high-powered computing environment. This method successfully produced valid decryption keys that restored locked data. 
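The search described above, shown on a toy model as an added example (not Profero's tool and not DarkBit's code). The timestamp-seeded generator `deriveKeyIV`, the sample header bytes and the timestamps are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"math/rand"
)

// Constructed known plaintext: 16 header bytes starting with the VMDK "KDMV" magic.
var knownHeader = []byte("KDMV\x01\x00\x00\x00\x03\x00\x00\x00\x00\x00\x20\x00")

// deriveKeyIV is a HYPOTHETICAL weak generator (not DarkBit's routine): the
// AES-128 key and IV come from a non-cryptographic PRNG seeded with a timestamp.
func deriveKeyIV(seed int64) (key, iv []byte) {
	r := rand.New(rand.NewSource(seed))
	buf := make([]byte, 32)
	for i := range buf {
		buf[i] = byte(r.Intn(256))
	}
	return buf[:16], buf[16:]
}

// encryptFirstBlock builds the constructed sample: the header under AES-128-CBC.
func encryptFirstBlock(seed int64) []byte {
	key, iv := deriveKeyIV(seed)
	blk, _ := aes.NewCipher(key) // error is nil for a 16-byte key
	out := make([]byte, aes.BlockSize)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, knownHeader)
	return out
}

// recoverSeed tries every seed within window seconds of the file's mtime and
// keeps the one whose key/IV decrypts block 0 to the known header.
func recoverSeed(firstBlock []byte, mtime, window int64) (int64, bool) {
	pt := make([]byte, aes.BlockSize)
	for s := mtime - window; s <= mtime+window; s++ {
		key, iv := deriveKeyIV(s)
		blk, _ := aes.NewCipher(key)
		cipher.NewCBCDecrypter(blk, iv).CryptBlocks(pt, firstBlock)
		if bytes.Equal(pt, knownHeader) {
			return s, true
		}
	}
	return 0, false
}

func main() { // constructed encryption time; the mtime is close to it, not exact
	fmt.Println(recoverSeed(encryptFirstBlock(1676200000), 1676200042, 3600))
}
```

Only one 16-byte block is decrypted per candidate, which is why a predictable header makes the search cheap; a key generator drawing from the operating system's CSPRNG leaves no such window to enumerate.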

At the same time, Profero noticed that DarkBit’s encryption technique was incomplete, leaving many portions of files untouched. Since VMDK files are sparse and contain large amounts of empty space, the ransomware often encrypted irrelevant sections while leaving valuable data intact. By carefully exploring the underlying file systems, the team was able to retrieve essential files directly, without requiring full decryption. This dual approach allowed them to recover critical business data and minimize the impact of the attack.  

Researchers noted that DarkBit’s strategy was flawed, as a data-wiping tool would have been more effective at achieving its disruptive aims than a poorly implemented ransomware variant. The attackers’ refusal to negotiate further reinforced the idea that the campaign was intended to damage operations rather than collect ransom payments. Profero has chosen not to release its custom decryptor to the public, but confirmed that it is prepared to help any future victims affected by the same malware.  

The case illustrates how weaknesses in ransomware design can be turned into opportunities for defense and recovery. It also highlights how cyberattacks tied to international conflicts often blur the line between criminal extortion and state-backed disruption, with groups like DarkBit using the guise of hacktivism to amplify their impact.

Implementation Flaws Identified in Post-Quantum Encryption Algorithm

 

Two implementation flaws have been identified in the Kyber key encapsulation mechanism (KEM), an encryption standard intended to safeguard networks from future attacks by quantum computers. Collectively known as "KyberSlash," these flaws could allow cybercriminals to discover encryption keys.

“Timing attacks of this nature are a derivative of broader ‘side channel’ attacks, which can be used to undermine any type of encryption, including both classical and post-quantum algorithms,” Andersen Cheng, founder of Post-Quantum, explained. “With this type of attack, the adversaries send fake (and known) ciphertext and measure how long it takes to decipher. They can then infer the timings for each attempt and reverse engineer the actual key-pair.” 

On December 1st, Franziskus Kiefer, Goutam Tamvada, and Karthikeyan Bhargavan, all researchers at the cybersecurity firm Cryspen, reported the vulnerabilities to Kyber's development team. A patch for the encryption standard was released immediately, but because it was not classified as a security vulnerability, Cryspen began proactively notifying projects, as of December 15, that they needed to implement the fix.

Google, Signal, and Mullvad VPN have all adopted versions of the Kyber post-quantum encryption standard; however, Mullvad VPN has since confirmed that the vulnerability does not affect their services.
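The public KyberSlash disclosure traces the timing leak to a division applied to secret-derived values. The added example below (not code from this article or from any Kyber implementation) sets a division-based message-bit rounding beside a division-free equivalent and checks the two exhaustively; the function names are hypothetical and only the message-decoding rounding step is modelled.

```go
package main

import "fmt"

const kyberQ = 3329 // Kyber modulus q

// decodeBitDiv rounds a coefficient c in [0, q) to a message bit with a division.
// c is secret-derived during decapsulation, so wherever the compiler emits a
// hardware divide whose latency depends on its operand, timing can leak c.
func decodeBitDiv(c uint32) uint32 {
	return ((c<<1 + kyberQ/2) / kyberQ) & 1
}

// decodeBitMul computes the same bit with a fixed multiply and shift:
// 80635 = floor(2^28 / 3329), and adding 1665 instead of 1664 keeps the
// truncated reciprocal exact on every input in range.
func decodeBitMul(c uint32) uint32 {
	t := c<<1 + 1665
	t *= 80635
	t >>= 28
	return t & 1
}

// countMismatches exhaustively compares both forms over all valid coefficients.
func countMismatches() int {
	n := 0
	for c := uint32(0); c < kyberQ; c++ {
		if decodeBitDiv(c) != decodeBitMul(c) {
			n++
		}
	}
	return n
}

func main() {
	fmt.Println("mismatches over [0, q):", countMismatches())
}
```

Whether the division form actually compiles to a variable-time instruction depends on the compiler, optimisation level and target CPU, so a review of a Kyber port should inspect the generated code rather than the source alone.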

Post-quantum encryption rush

Kyber was first submitted for assessment to the US National Institute of Standards and Technology (NIST) in 2017, as part of the organisation's competition to test and approve an encryption standard capable of safeguarding networks against future quantum computer attacks. Though a machine with an adequate number of qubits to use Shor's algorithm to break RSA encryption and similar standards has yet to be developed, recent breakthroughs in scaling quantum computers and mounting speculation about "Harvest Now, Decrypt Later" attacks have generated increased interest in adopting post-quantum standards among governments and large businesses. 

Several algorithms put into the NIST competition were demonstrated to be susceptible to conventional attacks. These include the Rainbow and SIKE standards, the latter of which was overcome by KU Leuven researchers in 2022 in less than an hour using an average computer. In February 2023, a team from Sweden's KTH Royal Institute of Technology used highly complex deep learning-based side-channel attacks to destabilise Kyber's official implementation, CRYSTALS-Kyber. However, this approach was one of six for which NIST published draft standards last summer, with plans to finalise the competition later this year. 

Kyber flaws 

Meanwhile, the Kyber KEM has been adopted by a number of major organisations. Google announced in August 2023 that it will be employing Kyber-768 as a part of a hybrid system to safeguard Chrome browser traffic at the transport layer security level. Similar to this, Signal secured its "Signal Protocol," which is also used to ensure end-to-end encryption in Google and WhatsApp conversations, in September by implementing Kyber-1024 in conjunction with an elliptic curve key agreement protocol. 

This hybrid approach to leveraging post-quantum encryption standards is intended to safeguard network traffic against attack in case new vulnerabilities are discovered. Since the KyberSlash vulnerabilities were identified, the researchers say that patches have been implemented by the Kyber development team and AWS. The team also cited a GitHub library written by Kudelski Security. When approached by a local media outlet, the cybersecurity firm stated that the listed code was not utilised in any of its commercial products and should not be used in production, but that it had still incorporated a patch for the KyberSlash vulnerabilities in a new version of the library. 

Nevertheless, Cheng believes it is a significant step forward for the post-quantum encryption community because its focus on flaws has shifted from vulnerabilities in the mathematics that underpins the standards to implementation attacks. “It will be the responsibility of each organisation implementing new encryption to ensure the implementation is robust,” stated Cheng. “That’s why it is so important that teams working on the migration to post-quantum encryption have deep engineering understanding and ideally, existing experience in deploying the cryptographic algorithms.”

The Role of Cryptography in Data Safety

 

By using codes, the information security strategy of cryptography shields business data and communications from online threats. Security professionals describe it as the art of concealing information to guard against unauthorised access to your data. 

This technique employs mathematical principles and a series of calculations based on rules, known as algorithms, to alter messages in ways that are challenging to understand. It also refers to secure information and communication systems. 

These algorithms are then applied to the creation of cryptographic keys, digital signing, data privacy protection, internet browsing, and private email and credit card transactions. Confidentiality, integrity, authentication, and non-repudiation are only a few of the information security-related goals that are met by cryptography. In this article, we analyse what this tells us regarding cryptography. 

Safeguards data privacy 

In terms of cryptography, privacy is of utmost importance. It indicates that the transmitted information is secure from unauthorised access at all points in its lifetime and can only be accessed by those with the proper authorization. 

The privacy of individuals whose personal information is held in enterprise systems must be protected, which calls for confidentiality. Therefore, the only way to guarantee that the data is secure while it is being stored and delivered is through encryption. 

Without the proper decryption keys, encrypted data is practically useless to unauthorised individuals even when the transmission or storage media has been compromised. 

Data's integrity is ensured 

Integrity in the context of security refers to the accuracy of information systems and the data they include. Integrity refers to the ability of a system to transport and process data in a predictable manner. 

The data is unchanged even after processing. Data integrity is guaranteed by cryptography employing message digests and hashing techniques. 

The receiver is made certain that the data received has not been tampered with during transmission by supplying codes and digital keys to confirm that what is received is authentic and comes from the intended sender. 

Maintain information security using effective cryptography techniques

One of the primary concerns for firms trying to compete in the modern business environment is information security. Cryptography can help you protect your intellectual property by keeping it safe from hackers and other threat actors when used properly. 

You can also investigate additional techniques, such as online application penetration testing, internal network penetration testing, or cybersecurity awareness training, in the meantime and take preventative measures to safeguard important company resources.