Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label RSA. Show all posts
Technology
AI AI vulnerabilities Artificial Intelligence Cyberbreach LLM Ransomware RSA Security System Technology

Ransomware Defence Begins with Fundamentals Not AI

 


The era of rapid technological advancements has made it clear that artificial intelligence isn't only influencing cybersecurity, it is fundamentally redefining its boundaries and capabilities as well. The transformation was evident at the RSA Conference in San Francisco in the year 2025, as more than 40,000 cybersecurity professionals gathered to discuss the path forward for the industry.

It was essential to emphasise that the rapid integration of agentic AI into cyber operations is one of the most significant topics discussed, highlighting both the disruptive potential and strategic complexities it introduces simultaneously. AI technologies continue to empower both defenders and adversaries alike, and organizations are taking a measured approach, recognising the immense potential of AI-driven solutions while remaining vigilant against the increasingly sophisticated attacks from adversaries. 

As the rise of artificial intelligence (AI) and its application in criminal activities dominates headlines more often than not, the narrative is far from a one-sided one, as there are several factors playing a role. However, the rise of AI reflects a broader industry shift toward balancing innovation with resilience in the face of rapidly shifting threats. 
Several cybercriminals are indeed using artificial intelligence (AI) and large language models (LLMs) to make ransomware campaigns more sophisticated and more convincing, crafting more convincing phishing emails, bypassing traditional security measures, and improving the precision with which victims are selected. In addition to increasing the stealth and efficiency of attackers, the stakes for organisational cybersecurity have increased as a result of these tools. 

Although AI is considered a weapon for adversaries, it is proving to be an essential ally in the defence against ransomware when integrated into security systems. By integrating AI into security systems, organisations are able to detect threats more quickly and accurately, which leads to quicker detection and response to ransomware attacks. 

Furthermore, AI helps enhance the containment and recovery efforts of incidents, leading to faster containment and a reduction in potential damage. Furthermore, AI helps to mitigate and recover from incidents more effectively. With AI coupled with real-time threat intelligence, security teams are able to adapt to evolving attack techniques, providing them with the agility to close the gap between offence and defence, making the cyber environment in which people live more and more automated.

In the wake of a series of high-profile ransomware attacks - most notably, those targeted at prominent brands like M&S - concerns have been raised that artificial intelligence may be contributing to a spike in cybercrime that has never been seen before. In spite of the fact that artificial intelligence is undeniably changing the threat landscape by streamlining phishing campaigns and automating attack workflows, its impact on ransomware operations has often been exaggerated. 

In practice, AI isn't really a revolutionary force at all, but rather a tool to accelerate tactics cybercriminals have relied on for years to come. Most ransomware groups continue to rely on proven, straightforward methods that offer speed, scalability, and consistent financial returns for their attacks. As far as successful ransomware campaigns are concerned, scammy emails, credential theft, and insider exploitation have continued to be the cornerstones of these campaigns, offering reliable results without requiring the use of advanced artificial intelligence. 

As security leaders are looking for effective ways to address these threats, they are focusing on getting a realistic perspective on how artificial intelligence is used within ransomware ecosystems. It has become increasingly evident that breach and attack simulation tools are critical assets for organisations as they enable them to identify vulnerabilities and close security gaps in advance of attackers exploiting them. 

There is a sense of balance in this approach, which emphasises the importance of bolstering foundational security controls while keeping pace with the incremental evolution of adversarial capabilities. Nevertheless, generative artificial intelligence is continuing to evolve in profound and often paradoxical ways as it continues to mature. In one way, it empowers defenders by automating routine security operations, detecting hidden patterns in complex data sets, and detecting vulnerabilities that might otherwise go undetected by the average defender. 

It also provides cybercriminals with the power to craft more sophisticated, targeted, scalable attacks, blurring the line between innovation and exploitation, providing them with powerful tools to craft more sophisticated, targeted, and scalable attacks. According to recent studies, over 80% of cyber incidents are caused by human error, which is why organisations need to harness artificial intelligence to strengthen their security posture to prevent future cyber attacks. 

AI is an excellent tool for cybersecurity leaders as it streamlines threat detection, reduces human oversight, and enables real-time response in real-time. There is, however, a danger that the same technologies may be adapted by adversaries to enhance phishing tactics, automate malware deployment, and orchestrate advanced intrusion strategies. The dual use of artificial intelligence has raised widespread concerns among executives due to its dual purpose. 

According to a recent survey, 84% of CEOs have expressed concern about generative AI being the source of widespread or catastrophic cyberattacks. Consequently, organisations are beginning to make a significant investment in AI-based cybersecurity, with projections showing a 43% increase in AI security budgets by 2025 as a result of this increase. 

In an increasingly complex digital environment, it is becoming increasingly recognised that even though generative AI introduces new vulnerabilities, it also holds the key to strengthening cyber resilience. This surge is indicative of a growing recognition of the need for generative AI. As artificial intelligence is increasing the speed and sophistication with which cyberattacks are taking place, it has never been more important than now to adhere to foundational cybersecurity practices. 

While artificial intelligence has unquestionably enhanced the tactics available to cybercriminals, allowing them to conduct more targeted phishing attempts, exploit vulnerabilities more quickly, and create more evasive malware, many of the core techniques have not changed. In other words, even though they have many similarities, the differences lie more in how they are executed, rather than in what they do. 

As such, rigorously and consistently applied traditional cybersecurity strategies remain critical bulwarks against even the threats that are enhanced by artificial intelligence. In addition to these foundational defences, multi-factor authentication (MFA), which is widely used, provides a vital safeguard against credential theft, particularly in light of the increasing use of artificial intelligence-generated phishing emails that mimic legitimate communication with astonishing accuracy - a powerful security measure that is critical today. 

As important as it is to maintain regular data backups, maintaining a secure backup mechanism also provides an effective fallback mechanism for ransomware, which is now capable of dynamically altering payloads to avoid detection. The most important element is to make sure that all systems and software are updated, as this prevents AI-enabled tools from exploiting known vulnerabilities. 

A Zero Trust architecture is becoming increasingly relevant as attackers with artificial intelligence move faster and stealthier than ever before. By assuming no implicit trust within the network and restricting lateral movement, this model greatly reduces the blast radius of any potential breach of the network and reduces the likelihood of the attack succeeding. 

A major upgrade is also required for email filtering systems, with AI-based tools that are better equipped to detect subtle nuances in phishing campaigns that have been successfully evading legacy solutions. It is also becoming more and more important for organisations to emphasise security awareness training to prevent breaches, as human error is still one of the leading causes. There is no better line of defence for a company than having employees trained to spot deceptive artificial intelligence-crafted deception.

Furthermore, the use of artificial intelligence-based anomaly detection systems is becoming increasingly important for detecting unusual behaviours that indicate a breach of security. In order to limit exposure and contain threats, segmentation, strict access control policies, and real-time monitoring are all complementary tools. However, it is important to note that even as AI has created new complexities in the threat landscape, it has not rendered traditional defences obsolete. 

Rather, these tried and true cybersecurity measures, augmented by intelligent automation and threat intelligence, are the cornerstones of resilient cybersecurity, not the opposite. Defending against adversaries powered by artificial intelligence requires not just speed but also strategic foresight and disciplined execution of proven strategies. 

As AI-powered cyberattacks become a bigger and more prevalent subject of discussion, organisations themselves are at risk from an unchecked and ungoverned use of artificial intelligence tools, a risk that is often overlooked. While much of the attention has been focused on how threat actors are capable of weaponising artificial intelligence, the internal vulnerabilities that arise from the unscheduled adoption of generative AI present a significant and present threat to the organisation. 

In what is referred to as "Shadow AI," employees are using tools like ChatGPT without formal authorisation or oversight, which circumvents established security protocols and could potentially expose sensitive corporate data. According to a recent study, nearly 40% of IT professionals admit that they have used generative AI tools without proper authorisation. 

Besides compromising governance efforts, such practices obscure visibility of data processing and handling, complicate incident response, and increase the organisation's vulnerability to attacks. The use of artificial intelligence by organisations is unregulated, coupled with inadequate data governance and poorly configured artificial intelligence services, resulting in a number of operational and security issues. 

The risks posed by internal AI tools must be mitigated by organisations treating them as if they were any enterprise technologies. Among the measures that must be taken to mitigate these risks is to establish robust governance frameworks, ensure the transparency of data flows, conduct regular audits, and provide cybersecurity training that addresses the dangers of shadow artificial intelligence, as well as ensure that leaders remain mindful of current threats to their organisations. 

Although artificial intelligence generates headlines, the most successful attacks continue to rely on the proven techniques - phishing, credential theft, and ransomware. The emphasis placed on the potential threats that could be driven by AI can distract attention from critical, foundational defences. In this context, complacency and misplaced priorities are the greatest risks, and not AI itself. 

 It remains true that maintaining a disciplined cyber hygiene, simulating attacks, and strengthening security fundamentals remain the most effective ways to combat ransomware in the long run. There is no doubt that artificial intelligence is not just a single threat or solution for cybersecurity, but rather a powerful force capable of strengthening as well as destabilising digital defences in an environment that is rapidly evolving. 

As organisations navigate this shifting landscape, it is imperative to have clarity, discipline, and strategic depth as they attempt to navigate this new terrain. Despite the fact that artificial intelligence may dominate headlines and influence funding decisions, it does not negate the importance of basic cybersecurity practices. 

What is needed is a recalibration of priorities as people move forward. Security leaders must build resilience against emerging technologies, rather than chasing the allure of emerging technologies alone. They need to adopt a realistic and layered approach to security, one that embraces AI as a tool while never losing sight of what consistently works. 

To achieve this goal, advanced automation, analytics, and tried-and-true defences must be integrated, governance around AI usage must be enforced, and access to data flows and user behaviour must remain tightly controlled. In addition, organisations need to realise that technological tools are only as powerful as the frameworks and people that support them. 

Threats are becoming increasingly automated, making it even more important to have human oversight. Training, informed leadership, and an environment that fosters a culture of accountability are not optional; they are imperative. In order for artificial intelligence to be effective, it must be part of a larger, more comprehensive security strategy that is based on visibility, transparency, and proactive risk management. 

As the battle against ransomware and AI-enhanced cyber threats continues, the key to success will not be whose tools have the greatest sophistication, but whose application of these tools will be consistent, purposeful, and foresightful. AI isn't a threat, but it's an opportunity to master it, regulate it internally, and never let innovation overshadow the fundamentals that keep security sustainable in the first place. Today's defenders have a winning formula: strong fundamentals, smart integration, and unwavering vigilance are the keys to their success.
Read more »
Technolgy
AI vulnerabilities Bitcoin Cyber Threat Cryptographic Cyber Advancements CyberCrime Cybersecurity CyberThreat ECC ECDSA Finance Idustry OpenAI PQC Quantum Era RSA Technolgy

Bitcoin Encryption Faces Future Threat from Quantum Breakthroughs

 


In light of the rapid evolution of quantum computing, it has become much more than just a subject for academic curiosity—it has begun to pose a serious threat to the cryptographic systems that secure digital currencies such as Bitcoin, which have long been a secure cryptographic system. 

According to experts, powerful quantum machines will probably be able to break the elliptic curve cryptography (ECC), which underpins Bitcoin's security, within the next one to two decades, putting billions of dollars worth of digital assets at risk. Despite some debate regarding the exact timing, there is speculation that quantum computers with the capabilities to render Bitcoin obsolete could be available by 2030, depending on the advancement of quantum computing in terms of qubit stability, error correction, and other aspects. 

Cryptographic algorithms are used to secure transactions and wallet addresses in Bitcoin, such as SHA-256 and ECDSA (Elliptic Curve Digital Signature Algorithm). It can be argued that quantum algorithms, such as Shor's, might allow the removal of these barriers by cracking private keys from public addresses in a fraction of the time it would take classical computers. 

Although Bitcoin has not yet been compromised, the crypto community is already discussing possible post-quantum cryptographic solutions. There is no doubt that quantum computing is on its way; if people don't act, the very foundation of decentralised finance could be shattered. The question is not whether quantum computing will arrive, but when. 

One of the most striking revelations in the cybersecurity and crypto communities is a groundbreaking simulation conducted with OpenAI's o3 model that has re-ignited debate within the communities, demonstrating a plausible future in which quantum computing could have a severe impact on blockchain security. This simulation presents the scenario of a quantum breakthrough occurring as early as 2026, which might make many of today's cryptographic standards obsolete in a very real way. 

There is a systemic threat to the broader cryptocurrency ecosystem under this scenario, and Bitcoin, which has been the largest and most established digital asset for quite some time, stands out as the most vulnerable. At the core of this concern is that Bitcoin relies heavily upon elliptic curve cryptography (ECC) and the SHA-256 hashing algorithm, two of which have been designed to withstand attacks from classical computers. 

A recent development in quantum computing, however, highlights how algorithms such as Shor's could be able to undermine these cryptographic foundations in the future. Using a quantum computer of sufficient power, one could theoretically reverse-engineer private keys from public wallet addresses, which would compromise the security of Bitcoin transactions and user funds. Industry developments underscore the urgency of this threat. 

It has been announced that IBM intends to launch its first fault-tolerant quantum system by 2029, referred to as the IBM Quantum Starling, a major milestone that could accelerate progress in this field. However, concerns are still being raised by experts. A Google quantum researcher, Craig Gidney, published in May 2025 findings suggesting that previous estimations of the quantum resources needed to crack RSA encryption were significantly overstated as a result of these findings. 

Gidney's research indicated that similar cryptographic systems, such as ECC, could be under threat sooner than previously thought, with a potential threat window emerging between 2030 and 2035, despite Bitcoin's use of RSA. In a year or two, IBM plans to reveal the first fault-tolerant quantum computer in the world, known as Quantum Starling, by 2029, which is the biggest development fueling quantum optimism. 

As opposed to current quantum systems that suffer from high error rates and limited stability, fault-tolerant quantum machines are designed to carry out complex computations over extended periods of time with reliability. This development represents a pivotal change in quantum computing's practical application and could mark the beginning of a new era in quantum computing. 

Even though the current experimental models represent a major leap forward, a breakthrough of this nature would greatly reduce the timeline for real-world cryptographic disruption. Even though there has been significant progress in the field of quantum computing, experts remain divided as to whether it will actually pose any real threat in the foreseeable future. Despite the well-documented theoretical risks, the timeline for practical impacts remains unclear. 

Even though these warnings have been made, opinions remain split among bitcoiners. Adam Back, CEO of Blockstream and a prominent voice within the Bitcoin community, maintains that quantum computing will not be a practical threat for at least two decades. However, he acknowledged that rapid technological advancement could one day lead to a migration to quantum-resistant wallets, which might even affect long-dormant holdings such as the ones attributed to Satoshi Nakamoto, the mysterious creator of Bitcoin. 

There is no longer a theoretical debate going on between quantum physics and cryptography; rather, the crypto community must now contend with a pressing question: at what point shall the crypto community adapt so as to secure its future in a quantum-powered world? It is feared by Back, who warned Bitcoin users—including those who have long-dormant wallets, such as those attributed to Satoshi Nakamoto—that as quantum capabilities advance, they may be forced to migrate their assets to quantum-resistant addresses to ensure continued security in the future. 

While the threat does not occur immediately, digital currency enthusiasts need to begin preparations well in advance in order to safeguard their future. This cautious but pragmatic viewpoint reflects the sentiment of the larger industry. The development of quantum computing has increasingly been posed as a serious threat to the Bitcoin blockchain's security mechanisms that are based on this concept. 

A recent survey shows that approximately 25% of all Bitcoins are held in addresses that could be vulnerable to quantum attacks, particularly those utilising older forms of cryptographic exposure, such as pay-to-public-key (P2PK) addresses. When quantum advances outpace public disclosure - which is a concern that some members of the cybersecurity community share - the holders of such vulnerable wallets may be faced with an urgent need to act if quantum advancements exceed public disclosure. 

Generally, experts recommend transferring assets to secure pay-to-public-key-hash (P2PKH) addresses, which offer an additional level of cryptographic security. Despite the fact that there is secure storage, users should ensure that private keys are properly backed up using trusted, offline methods to prevent accidental loss of access to private keys. However, the implications go beyond individual wallet holders. 

While some individuals may have secured their assets, the broader Bitcoin ecosystem remains at risk if there is a significant amount of Bitcoin exposed, regardless of whether they can secure their assets. Suppose there is a mass quantum-enabled theft that undermines market confidence, leads to a collapse in Bitcoin's value, and damages the credibility of blockchain technology as a whole? In the future, even universal adoption of measures such as P2PKH is not enough to prevent the inevitable from happening. 

A quantum computer could eventually be able to compromise current cryptographic algorithms rapidly if it reaches a point at which it can do so, which may jeopardise Bitcoin's transaction validation process itself if it reaches that point. It would seem that the only viable long-term solution in such a scenario is a switch to post-quantum cryptography, an emerging class of cryptography that has been specifically developed to deal with quantum attacks.

Although these algorithms are promising, they present new challenges regarding scalability, efficiency, and integration with existing protocols of blockchains. Several cryptographers throughout the world are actively researching and testing these systems in an attempt to build robust, quantum-resistant blockchain infrastructures capable of protecting digital assets for years to come. 

It is believed that Bitcoin's cryptographic framework is based primarily on Elliptic Curve Digital Signature Algorithm (ECDSA), and that its recent enhancements have also included Schnorr signatures, an innovation that improves privacy, speeds transaction verification, and makes it much easier to aggregate multiple signatures than legacy systems such as RSA. The advancements made to Bitcoin have helped to make it more efficient and scalable. 

Even though ECDSA and Schnorr are both sophisticated, they remain fundamentally vulnerable to a sufficiently advanced quantum computer in terms of computational power. There is a major vulnerability at the heart of this vulnerability, which is Shor's Algorithm, a quantum algorithm introduced in 1994 that, when executed on an advanced quantum computer, is capable of solving the mathematical problems that govern elliptic curve cryptography quite efficiently, as long as that quantum system is powerful enough. 

Even though no quantum computer today is capable of running Shor’s Algorithm at the necessary scale, today’s computers have already exceeded the 100-qubit threshold, and rapid advances in quantum error correction are constantly bridging the gap between theoretical risk and practical threat, with significant progress being made in quantum error correction. It has been highlighted by the New York Digital Investment Group (NYDIG) that Bitcoin is still protected from quantum machines in today's world, but may not be protected as much in the future, due to the fact that it may not be as safe against quantum machines. 

Bitcoin's long-term security depends on more than just hash power and decentralised mining, but also on adopting quantum-resistant cryptographic measures that are capable of resisting quantum attacks in the future. The response to this problem has been to promote the development of Post-Quantum Cryptography (PQC), a new class of cryptographic algorithms designed specifically to resist quantum attacks, by researchers and blockchain developers. 

It is, however, a highly complex challenge to integrate PQC into Bitcoin's core protocol. These next-generation cryptographic schemes can often require much larger keys and digital signatures than those used today, which in turn could lead to an increase in blockchain size as well as more storage and bandwidth demands on the Bitcoin network. As a result of slower processing speeds, Bitcoin's scalability may also be at risk, as this may impact transaction throughput. Additionally, the decentralised governance model of Bitcoin adds an extra layer of difficulty as well. 

The transition to the new cryptographic protocol requires broad agreement among developers, miners, wallet providers, and node operators, making protocol transitions arduous and politically complicated. Even so, there is still an urgency to adapt to the new quantum technologies as the momentum in quantum research keeps growing. A critical moment has come for the Bitcoin ecosystem: either it evolves to meet the demands of the quantum era, or it risks fundamental compromise of its cryptographic integrity if it fails to adapt. 

With quantum technology advancing from the theoretical stage to practical application, the Bitcoin community stands at a critical turning point. Despite the fact that the current cryptographic measures remain intact, a forward-looking response is necessary in order to keep up with the rapid pace of innovation. 

For the decentralised finance industry to thrive, it will be necessary to invest in quantum-resilient infrastructure, adopt post-quantum cryptographic standards as soon as possible, and collaborate with researchers, developers, and protocol stakeholders proactively. 

The possibility of quantum breakthroughs being ignored could threaten not only the integrity of individual assets but also the structural integrity of the entire cryptocurrency ecosystem if people fail to address their potential effects. To future-proof Bitcoin, it is also crucial that people start doing so now, not in response to an attack, but to prepare for a reality that the more technological advancements they make, the closer it seems to being a reality.
Read more »
SPN
AES Cryptographic Cryptographically Relevant Quantum Computer Cyber Encryption Cyber Security Cyberattacks CyberThreat Decryption Tool Global Encryption Hardware RSA SPN

Global Encryption at Risk as China Reportedly Advances Decryption Capabilities

 


It has been announced that researchers at Shanghai University have achieved a breakthrough in quantum computing that could have a profound impact on modern cryptographic systems. They achieved a significant leap in quantum computing. The team used a quantum annealing processor called D-Wave to successfully factor a 22-bit RSA number, a feat that has, until now, been beyond the practical capabilities of this particular class of quantum processor. 

There is no real-world value in a 22-bit key, but this milestone marks the beginning of the development of quantum algorithms and the improvement of hardware efficiency, even though it is relatively small and holds no real-world encryption value today. A growing vulnerability has been observed in classical encryption methods such as RSA, which are foundational to digital security across a wide range of financial systems, communication networks and government infrastructures. 

It is a great example of the accelerated pace at which the quantum arms race is occurring, and it reinforces the urgency around the creation of quantum-resistant cryptographic standards and the adoption of quantum-resistant protocols globally. 

As a result of quantum computing's progress, one of the greatest threats is that it has the potential to break widely used public key cryptographic algorithms, including Rivest-Shamir-Adleman (RSA), Diffie-Hellman, and even symmetric encryption standards, such as Advanced Encryption Standard (AES), very quickly and with ease.

Global digital security is built on the backbone of these encryption protocols, safeguarding everything from financial transactions and confidential communications to government and defense data, a safeguard that protects everything from financial transactions to confidential communications. As quantum computers become more advanced, this system might become obsolete if quantum computers become sufficiently advanced by dramatically reducing the time required to decrypt, posing a serious risk to privacy and infrastructure security. 

As a result of this threat looming over the world, major global powers have already refocused their strategic priorities. There is a widespread belief that nation-states that are financially and technologically able to develop quantum computing capabilities are actively engaged in a long-term offensive referred to as “harvest now, decrypt later”, which is the purpose of this offensive. 

Essentially, this tactic involves gathering enormous amounts of encrypted data today to decrypt that data in the future, when quantum computers reach a level of functionality that can break classical encryption. Even if the data has remained secure for now, its long-term confidentiality could be compromised. 

According to this strategy, there is a pressing need for quantum-resistant cryptographic standards to be developed and deployed urgently to provide a future-proof solution to sensitive data against the inevitable rise in quantum decryption capabilities that is inevitable. Despite the fact that 22-bit RSA keys are far from secure by contemporary standards, and they can be easily cracked by classical computer methods, this experiment marks the largest number of quantum annealing calculations to date, a process that is fundamentally different from the gate-based quantum systems that are most commonly discussed. 

It is important to note that this experiment is not related to Shor's algorithm, which has been thecentrer of theoretical discussions about breaking RSA encryption and uses gate-based quantum computers based on highly advanced technology. Instead, this experiment utilised quantum annealing, an algorithm that is specifically designed to solve a specific type of mathematical problem, such as factoring and optimisation, using quantum computing. 

The difference is very significant: whereas Shor's algorithm remains largely impractical at scale because of hardware limitations at the moment, D-Wave offers a solution to this dilemma by demonstrating how real-world factoring can be achieved on existing quantum hardware. Although it is limited to small key sizes, it does demonstrate the potential for real-world factoring on existing quantum hardware. This development has a lot of importance for the broader cryptographic security community. 

For decades, RSA encryption has provided online transactions, confidential communications, software integrity, and authentication systems with the necessary level of security. The RSA encryption is heavily dependent upon the computational difficulty of factorising large semiprime numbers. Classical computers have required a tremendous amount of time and resources to crack such encryption, which has kept the RSA encryption in business for decades to come.

In spite of the advances made by Wang and his team, it appears that even alternative quantum methods, beyond the widely discussed gate-based systems, may have tangible results for attacking these cryptographic barriers in the coming years. While it may be the case that quantum annealing is still at its infancy, the trajectory is still clearly in sight: quantum annealing is maturing, and as a result, the urgency for transitioning to post-quantum cryptographic standards becomes increasingly important.

A 22-bit RSA key does not have any real cryptographic value in today's digital landscape — where standard RSA keys usually exceed 2048 bits — but the successful factoring of such a key using quantum annealing represents a crucial step forward in quantum computing research. A demonstration, which is being organised by researchers in Shanghai, will not address the immediate practical threats that quantum attacks pose, but rather what it will reveal concerning quantum attack scalability in the future. 

A compelling proof-of-concept has been demonstrated here, illustrating that with refined techniques and optimisation, more significant encryption scenarios may soon come under attack. What makes this experiment so compelling is the technical efficiency reached by the research team as a result of their work. A team of researchers demonstrated that the current hardware limitations might actually be more flexible than previously thought by minimising the number of physical qubits required per variable, improving embeddings, and reducing noise through improved embeddings. 

By using quantum annealers—specialised quantum devices previously thought to be too limited for such tasks, this opens up the possibility to factor out larger key sizes. Additionally, there have been successful implementations of the quantum annealing approach for use with symmetric cryptography algorithms, including Substitution-Permutation Network (SPN) cyphers such as Present and Rectangle, which have proven to be highly effective. 

In the real world, lightweight cyphers are common in embedded systems as well as Internet of Things (IoT) devices, which makes this the first demonstration of a quantum processor that poses a credible threat to both asymmetric as well as symmetric encryption mechanisms simultaneously instead of only one or the other. 

There are far-reaching implications to the advancements that have been made as a result of this advancement, and they have not gone unnoticed by the world at large. In response to the accelerated pace of quantum developments, the US National Institute of Standards and Technology (NIST) published the first official post-quantum cryptography (PQC) standards in August of 2024. These standards were formalised under the FIPS 203, 204, and 205 codes. 

There is no doubt that this transition is backed by the adoption of the Hamming Quasi-Cyclic scheme by NIST, marking another milestone in the move toward a quantum-safe infrastructure, as it is based on lattice-based cryptography that is believed to be resistant to both current and emerging quantum attacks. This adoption further solidifies the transition into this field. There has also been a strong emphasis on the urgency of the issue from the White House in policy directives issued by the White House. 

A number of federal agencies have been instructed to begin phasing out vulnerable public key encryption protocols. The directive highlights the growing consensus that proactive mitigation is essential in light of the threat of "harvest now, decrypt later" strategies, where adversaries collect encrypted data today in anticipation of the possibility that future quantum technologies can be used to decrypt it. 

Increasing quantum breakthroughs are making it increasingly important to move to post-quantum cryptographic systems as soon as possible, as this is no longer a theoretical exercise but a necessity for the security of the world at large. While the 22-bit RSA key is very small when compared to the 2048-bit keys commonly used in contemporary cryptographic systems, the recent breakthrough by Shanghai researchers holds a great deal of significance both scientifically and technologically. 

Previously, quantum factoring was attempted with annealing-based systems, but had reached a plateau at 19-bit keys. This required a significant number of qubits per variable, which was rather excessive. By fine-tuning the local field and coupling coefficients within their Ising model, the researchers were able to overcome this barrier in their quantum setup. 

Through these optimisations, the noise reduction and factoring process was enhanced, and the factoring process was more consistent, which suggests that with further refinement, a higher level of complexity can be reached in the future with the RSA key size, according to independent experts who are aware of the possible implications. 

Despite not being involved in this study, Prabhjyot Kaur, an analyst at Everest Group who was not involved, has warned that advances in quantum computing could pose serious security threats to a wide range of industries. She underscored that cybersecurity professionals and policymakers alike are becoming increasingly conscious of the fact that theoretical risks are rapidly becoming operational realities in the field of cybersecurity. 

A significant majority of the concern surrounding quantum threats to encryption has traditionally focused on Shor's algorithm - a powerful quantum technique capable of factoring large numbers efficiently, but requiring a quantum computer based on gate-based quantum algorithms to be implemented. 

Though theoretically, these universal quantum machines are not without their limitations in hardware, such as the limited number of qubits, the limited coherence times, and the difficult correction of quantum errors. The quantum annealers from D-Wave, on the other hand, are much more mature, commercially accessible and do not have a universal function, but are considerably more mature than the ones from other companies. 

With its current generation of Advantage systems, D-Wave has been able to boast over 5,000 qubits and maintain an analogue quantum evolution process that is extremely stable at an ultra-low temperature of 15 millikelvin. There are limitations to quantum annealers, particularly in the form of exponential scaling costs, limiting their ability to crack only small moduli at present, but they also present a unique path to quantum-assisted cryptanalysis that is becoming increasingly viable as time goes by. 

By utilising a fundamentally different model of computation, annealers avoid many of the pitfalls associated with gate-based systems, including deep quantum circuits and high error rates, which are common in gate-based systems. In addition to demonstrating the versatility of quantum platforms, this divergence in approach also underscores how important it is for organisations to remain up to date and adaptive as multiple forms of quantum computing continue to evolve at the same time. 

The quantum era is steadily approaching, and as a result, organisations, governments, and security professionals must acknowledge the importance of cryptographic resilience as not only a theoretical concern but an urgent operational issue. There is no doubt that recent advances in quantum annealing, although they may be limited in their immediate threat, serve as a clear indication that quantum technology is progressing at a faster ra///-te than many had expected. 

The risk of enterprises and institutions not being able to afford to wait for large-scale quantum computers to become fully capable before implementing security transitions is too great to take. Rather than passively watching, companies and institutions must start by establishing a full understanding of the cryptographic assets they are deploying across their infrastructure in order to be able to make informed decisions about their cryptographic assets. 

It is also critical to adopt quantum-resistant algorithms, embrace crypto-agility, and participate in standards-based migration efforts if people hope to secure digital ecosystems for the long term. Moreover, continuous education is equally important to ensure that decision-makers remain informed about quantum developments as they develop to make timely and strategic security investments promptly. 

The disruptive potential of quantum computing presents undeniable risks, however it also presents a rare opportunity for modernizing foundational digital security practices. As people approach post-quantum cryptography, the digital future should be viewed not as one-time upgrade but as a transformation that integrates foresight, flexibility, and resilience, enabling us to become more resilient, resilient, and flexible. Taking proactive measures today will have a significant impact on whether people remain secure in the future.
Read more »
RSA Conference
agentic AI AI cybersecurity tools AI Systems AI technology Career Cyber Security cybersecurity landscape RSA RSA Conference

Agentic AI Is Reshaping Cybersecurity Careers, Not Replacing Them

 

Agentic AI took center stage at the 2025 RSA Conference, signaling a major shift in how cybersecurity professionals will work in the near future. No longer a futuristic concept, agentic AI systems—capable of planning, acting, and learning independently—are already being deployed to streamline incident response, bolster compliance, and scale threat detection efforts. These intelligent agents operate with minimal human input, making real-time decisions and adapting to dynamic environments. 

While the promise of increased efficiency and resilience is driving rapid adoption, cybersecurity leaders also raised serious concerns. Experts like Elastic CISO Mandy Andress called for greater transparency and stronger oversight when deploying AI agents in sensitive environments. Trust, explainability, and governance emerged as recurring themes throughout RSAC, underscoring the need to balance innovation with caution—especially as cybercriminals are also experimenting with agentic AI to enhance and scale their attacks. 

For professionals in the field, this isn’t a moment to fear job loss—it’s a chance to embrace career transformation. New roles are already emerging. AI-Augmented Cybersecurity Analysts will shift from routine alert triage to validating agent insights and making strategic decisions. Security Agent Designers will define logic workflows and trust boundaries for AI operations, blending DevSecOps with AI governance. Meanwhile, AI Threat Hunters will work to identify how attackers may exploit these new tools and develop defense mechanisms in response. 

Another critical role on the horizon is the Autonomous SOC Architect, tasked with designing next-generation security operations centers powered by human-machine collaboration. There will also be growing demand for Governance and AI Ethics Leads who ensure that decisions made by AI agents are auditable, compliant, and ethically sound. These roles reflect how cybersecurity is evolving into a hybrid discipline requiring both technical fluency and ethical oversight. 

To stay competitive in this changing landscape, professionals should build new skills. This includes prompt engineering, agent orchestration using tools like LangChain, AI risk modeling, secure deployment practices, and frameworks for explainability. Human-AI collaboration strategies will also be essential, as security teams learn to partner with autonomous systems rather than merely supervise them. As IBM’s Suja Viswesan emphasized, “Security must be baked in—not bolted on.” That principle applies not only to how organizations deploy agentic AI but also to how they train and upskill their cybersecurity workforce. 

The future of defense depends on professionals who understand how AI agents think, operate, and fail. Ultimately, agentic AI isn’t replacing people—it’s reshaping their roles. Human intuition, ethical reasoning, and strategic thinking remain vital in defending against modern cyber threats. 

As HackerOne CEO Kara Sprague noted, “Machines detect patterns. Humans understand motives.” Together, they can form a faster, smarter, and more adaptive line of defense. The cybersecurity industry isn’t just gaining new tools—it’s creating entirely new job titles and disciplines.
Read more »
Technology
Cryptographic CyberCrime Cybersecurity CyberThreat Encryption Quantum computing RSA Technology

RSA Encryption Breached by Quantum Computing Advancement

 


A large proportion of the modern digital world involves everyday transactions taking place on the internet, from simple purchases to the exchange of highly sensitive corporate data that is highly confidential. In this era of rapid technological advancement, quantum computing is both perceived as a transformative opportunity and a potential security threat. 

Quantum computing has been generating considerable attention in recent years, but as far as the 2048-bit RSA standard is concerned, it defies any threat these advances pose to the existing encryption standards that have been in use for decades. Several cybersecurity experts have expressed concern about quantum technologies potentially compromising military-grade encryption because of the widespread rumours.

However, these developments have not yet threatened robust encryption protocols like AES and TLS, nor do they threaten high-security encryption protocols like SLA or PKI. In addition to being a profound advancement over classical computing, quantum computing utilizes quantum mechanics principles to produce computations that are far superior to classical computation. 

Despite the inherent complexity of this technology, it has the potential to revolutionize fields such as pharmaceutical research, manufacturing, financial modelling, and cybersecurity by bringing enormous benefits. The quantum computer is a device that combines the unique properties of subatomic particles with the ability to perform high-speed calculations and is expected to revolutionize the way problems are solved across a wide range of industries by exploiting their unique properties. 

Although quantum-resistant encryption has been the focus of much attention lately, ongoing research is still essential if we are to ensure the long-term security of our data. As a major milestone in this field occurred in 2024, researchers reported that they were able to successfully compromise RSA encryption, a widely used cryptography system, with a quantum computer. 

To ensure the security of sensitive information transferred over digital networks, data encryption is an essential safeguard. It converts the plaintext into an unintelligible format that can only be decrypted with the help of a cryptographic key that is designated by the sender of the encrypted data. It is a mathematical value which is known to both the sender and the recipient but it is only known to them. This set of mathematical values ensures that only authorized parties can access the original information. 

To be able to function, cryptographic key pairs must be generated, containing both a public key and a private key. Plaintext is encrypted using the public key, which in turn encrypts it into ciphertext and is only decryptable with the corresponding private key. The primary principle of RSA encryption is that it is computationally challenging to factor large composite numbers, which are formed by multiplying two large prime numbers by two. 

Therefore, RSA encryption is considered highly secure. As an example, let us consider the composite number that is released when two 300-digit prime numbers are multiplied together, resulting in a number with a 600-digit component, and whose factorization would require a very long period if it were to be done by classical computing, which could extend longer than the estimated lifespan of the universe.

Despite the inherent complexity of the RSA encryption standard, this standard has proven to be extremely resilient when it comes to securing digital communications. Nevertheless, the advent of quantum computing presents a formidable challenge to this system. A quantum computer has the capability of factoring large numbers exponentially faster than classical computers through Shor's algorithm, which utilizes quantum superposition to perform multiple calculations at once, which facilitates the simultaneous execution of many calculations at the same time. 

Among the key components of this process is the implementation of the Quantum Fourier Transform (QFT), which extracts critical periodic values that are pertinent to refining the factorization process through the extraction of periodic values. Theoretically, a quantum computer capable of processing large integers could be able to break down the RSA encryption into smaller chunks of data within a matter of hours or perhaps minutes, effectively rendering the security of the encryption susceptible. 

As quantum computing advances, the security implications for cryptographic systems such as RSA are under increasing threat, necessitating that quantum-resistant encryption methodologies must be developed. There is a significant threat posed by quantum computers being able to decrypt such encryption mechanisms, and this could pose a substantial challenge to current cybersecurity frameworks, underscoring the importance of continuing to improve quantum-resistant cryptographic methods. 

The classical computing system uses binary bits for the representation of data, which are either zero or one digits. Quantum computers on the other hand use quantum bits, also called qubits, which are capable of occupying multiple states at the same time as a result of the superposition principle. As a result of this fundamental distinction, quantum computers can perform highly complex computations much faster than classical machines, which are capable of performing highly complex computations. 

As an example of the magnitude of this progress, Google reported a complex calculation that it successfully performed within a matter of seconds on its quantum processor, whereas conventional computing technology would have taken approximately 10,000 years to accomplish. Among the various domains in which quantum computing can be applied, a significant advantage can be seen when it comes to rapidly processing vast datasets, such as the artificial intelligence and machine learning space. 

As a result of this computational power, there are also cybersecurity concerns, as it may undermine existing encryption protocols by enabling the decryption of secure data at an unprecedented rate, which would undermine existing encryption protocols. As a result of quantum computing, it is now possible for long-established cryptographic systems to be compromised by quantum computers, raising serious concerns about the future security of the internet. However, there are several important caveats to the recent study conducted by Chinese researchers which should be taken into account. 

In the experiment, RSA encryption keys were used based on a 50-bit integer, which is considerably smaller and less complex than the encryption standards used today in security protocols that are far more sophisticated. RSA encryption is a method of encrypting data that relies on the mathematical difficulty of factoring large prime numbers or integers—complete numbers that cannot be divided into smaller fractions by factors. 

To increase the security of the encryption, the process is exponentially more complicated with larger integers, resulting in a greater degree of complexity. Although the study by Shanghai University proved that 50-bit integers can be decrypted successfully, as Ron Rivest, Adi Shamir, and Leonard Adleman have stressed to me, this achievement has no bearing on breaking the 2048-bit encryption commonly used in current RSA implementations. This achievement, however, is far from achieving any breakthrough in RSA. As a proof of concept, the experiment serves rather as a potential threat to global cybersecurity rather than as an immediate threat. 

It was demonstrated in the study that quantum computers are capable of decrypting relatively simple RSA encryption keys, however, they are unable to crack the more robust encryption protocols that are currently used to protect sensitive digital communications. The RSA algorithm, as highlighted by RSA Security, is the basis for all encryption frameworks across the World Wide Web, which means that almost all internet users have a vested interest in whether or not these cryptographic protections remain reliable for as long as possible. Even though this experiment does not signal an imminent crisis, it certainly emphasizes the importance of continuing to be vigilant as quantum computing technology advances in the future.
Read more »
Ukraine
Fake Apps malware RSA Ukraine

Malware Targets Ukrainian Military via Fake App

 



Cybersecurity experts said that a malware campaign targeting Ukraine's military personnel has been released. The malware is spread with the help of a fake installer for an app called "Army+." That installer looks perfectly legitimate but embeds malicious code. It will install the Tor browser and use the hidden PowerShell script to carry on malicious activities; this means that there is misuse of the Tor browser for secretive purposes rather than any other purpose that it was used for.


How the Malware Works

The installation process starts with the fake app ArmyPlusInstaller. It launches a decoy application, ArmyPlus.exe, to avoid suspicion. In the background, a hidden script, init.ps1, works to bypass security restrictions on the system.

It would normally block such unauthorized scripts to keep a computer safe. But the malware will play with security settings by means of specific PowerShell commands to have the liberty of working freely. It even reduces the size of the console window to conceal all its actions and create further illusion. It plants files in strategic locations

The malware spreads its files throughout the folders of the system to remain hidden. For instance, the Tor browser files are stored in a directory called OneDriveData, while OpenSSH files, which give the attackers remote access, are kept in a folder called ssh.

This init.ps1 script plays a crucial role as it can pull down and install the Tor browser for use in secret operations. The init.ps1 script establishes communication between the compromised computer and the attacker, giving them an avenue through which to command the system from a stealth position.


Backdoor That Survives Reboot

After installation, it establishes a backdoor through which attackers secretly command the system remotely. The system information is then transmitted along with a public RSA key through Tor to a remote server. The latter facilitates communication from the attackers side encrypted through that public RSA key. In that manner, an attacker is in a position to issue commands, and if they have their ways, may end up commanding at a very high level within the system.


Exploiting User Trust

A devious malware installer masquerading as a program installation. Requesting administrative credentials, which may be granted unwarily by innocent users. Once the visible, front-end app fails, all the malicious instructions are executed on the backhand in silence silently, including accessing and transmitting some sensitive information it has gathered.


Why Is This Important

This incident highlights how cybercriminals exploit everyday tools, like PowerShell and Tor, to hide their attacks. In this way, they mimic legitimate software, making it harder for standard defenses to detect them.

It is a reminder for all of us to download software only from trusted sources and for organizations to regularly update their security measures. Being alert will help prevent such stealthy cyberattacks from succeeding.

This development underlines the increasing nuances in cyber threats in conflict zones as attackers continue to evolve their techniques to evade detection.


Read more »
Sophos
Crypto Cyber Attacks Encryption Ransomware Attacks. RSA Sophos

The Persistent Threat of Ransomware: RSA Conference 2023 Highlights

The cybersecurity industry's highest-profile annual gathering, the RSA Conference, has focused heavily on the ongoing and increasing threat of ransomware. Last year, 68% of all cyberattacks involved ransomware, according to cybersecurity firm Sophos. 

The National Security Agency's director of cybersecurity, Rob Joyce, recently confirmed that Russian hackers are now weaponizing ransomware to target Ukrainian logistics companies and organizations in Western-allied countries.

Ransomware typically begins with file-encrypting malware being installed on an organization's network, which is then followed by a ransom note displayed on every screen. Hackers demand payment, often in cryptocurrency, to unlock the networks and prevent any data leaks. In recent years, ransomware has affected schools, hospitals, small businesses, and more.

At RSA, conversations have shifted from viewing ransomware as a mere annoyance to a persistent and dangerous threat. A panel on the last day of the conference acted out a hypothetical response to an Iran-backed ransomware attack on US banks in 2025, highlighting the severity of the threat.

The shift in perspective is in response to the increasing sophistication and persistence of ransomware attacks, as well as the fact that cybercriminals have been successful in monetizing their activities. The use of cryptocurrency for payment also makes it more difficult for law enforcement to trace the source of the attacks.

Ransomware attacks are now considered to be a "forever problem," meaning they will be a persistent threat for the foreseeable future. Organizations and individuals must take proactive steps to prevent attacks, including maintaining strong security measures and regularly backing up data. It is also crucial to be vigilant for any suspicious activity and to report any potential attacks immediately to the appropriate authorities.

In conclusion, ransomware attacks continue to be a major concern for cybersecurity professionals, and their impact will only continue to grow. Organizations and individuals must be proactive in their cybersecurity measures to prevent attacks and minimize damage.

Read more »
RSA
APT CISA & FBI Cyber Attacks Encryption North Korean Hackers Ransomware Attacks. RSA

North Korea: Maui Ransomware Attacks Healthcare Services

 

North Korean state-sponsored hackers are using Maui to encrypt computers and data for vital healthcare services, including electronic health records, diagnostics, imaging, and intranet. A joint advisory from the FBI, the Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) describes a ransomware campaign that Pyongyang has been executing at least since May 2021. 

Traits of threat actors

It is unknown how these threat actors enter organizations through the initial access vector. The less well-known ransomware family stands out, according to cybersecurity firm Stairwell, since it lacks numerous essential characteristics typically found in ransomware-as-a-service (RaaS) groups. Stairwell's findings served as the basis for the alert. 

The lack of an "embedded ransom letter to provide recovery instructions or automated means of transferring encryption keys to attackers" is one analogy of this, according to security expert Silas Cutler in a technical analysis of the ransomware.

Instead, Maui sample analysis indicates that the malware is made to be manually executed by a remote actor using a command-line interface, utilizing it to target particular files on the compromised machine for encryption, as recently seen in the case of Bronze Starlight.

Each of these keys is then encrypted with RSA using a key pair generated for the first time when Maui is launched, in addition to encrypting target files with AES 128-bit encryption with a new key. The RSA keys are encrypted using a hard-coded, particular-to-each-campaign RSA public key as a third-degree of security.

The fact that Maui is not provided as a service to other affiliates for use in exchange for a cut of the money earned is another thing that sets it apart from other conventional ransomware products. 

Why is DPRK targeting healthcare?

Ransomware is highly hazardous in the healthcare industry. Such businesses often don't provide cybersecurity much attention or funds. Hospitals and other similar organizations also own critical medical and health data prone to abuse. Furthermore, such facilities cannot afford to be shut down for an extended period, which increases the possibility that they might pay the ransom to resume services.

Although these North Korean-sponsored ransomware operations targeting healthcare companies have been occurring for a year, iboss claims that they have increased significantly and become more sophisticated since then. It's the most recent example of how North Korean enemies are changing their strategies to shadily produce an ongoing flow of income for the country's struggling economy. 

The ransomware attacks are alleged to have temporarily or permanently affected health services in several cases. It is currently uncertain what infection vector was first used to carry out the incursions. Only 2% of those who paid the ransom in 2021 received their whole data recovered, according to the Sophos' State of Ransomware in Healthcare 2022 report. This compares to the global average of 46%. 

Read more »
RSA
Amazon API Bug Cyber Security FBI Mespinoza group PHP PRODAFT PYSA ransomware attacks RSA

PYSA Ransomware Group: Experts Share In-Depth Details

 

Since August 2020, the cybercrime group adopted a five-stage system design, with the malware developers prioritizing enhancements to boost the efficiency of its activities, according to an 18-month examination of the PYSA ransomware operation. The GSOC explores the PYSA ransomware inside this Threat Analysis Report. Once the Federal Bureau of Investigation (FBI) informed of the ransomware's increased activity and significant harmful impact early this year, it became known as the PYSA ransomware. 

This includes a user-friendly tool, such as a full-text search engine, to make metadata extraction easier and allow threat actors to easily locate and access victim information. "The group is notorious for thoroughly researching high-value targets before unleashing its operations, compromising business systems, and forcing researchers to pay significant ransoms to retrieve sensitive data," stated PRODAFT, a Swiss cybersecurity firm, in a comprehensive report released last week. 

PYSA, which stands for "Protect Your System, Amigo" and is a descendant of the Mespinoza ransomware, was initially discovered in December 2019 and has since risen to become the third most common ransomware strain reported in the fourth quarter of 2021. The cybercriminal cell is thought to have exfiltrated confidential info linked to as many as 747 individuals since September 2020, until its databases were taken down earlier this January. 

The majority of its victims are in the United States and Europe, and the gang primarily targets the federal, medical, and educational sectors. "The United States was the most-affected country, contributing for 59.2 percent of all PYSA occurrences documented," Intel 471 stated in a review of ransomware assaults observed from October to December 2021. PYSA, like all other malware attacks, is renowned for using the "big game hunting" method of double ransom, which involves making the stolen data public if the victim refuses to comply with the firm's demands. 

Every relevant key is encrypted and assigned the ".pysa" extension, which can only be decoded with the RSA private key given after paying the fee. PYSA victims are claimed to have paid about 58 percent in digital payments to get access to protected data. PRODAFT was able to find a publicly accessible. git folder owned by PYSA operators and designated one of the project's writers as "dodo@mail.pcc," a danger actor based on the commit history thought to be situated in a country that observes daylight savings time.

As per the study, at least 11 accounts are in control of the whole operation, the mass of which was formed on January 8, 2021. However, four of these accounts — t1, t3, t4, and t5 — account for approximately 90% of activity on the management panel of the company. Other operational security failures committed by the group's members allowed a concealed system running on the TOR secrecy network — a server provider (Snel.com B.V.) based in the Netherlands — to be identified, providing insight into the actor's techniques. PYSA's infrastructure also includes dockerized containers for global leak servers, database servers, administrative servers, and an Amazon S3 cloud for storing the files, which total 31.47TB.

The panel is written in PHP 7.3.12 by using the Laravel framework and uses the Git version monitoring system to oversee the development process. Furthermore, the admin panel exposes several API endpoints that allow the system to display files, auto-generate GIFs, and scan data, which is used to group stolen victim data into broad categories for simple retrieval. Several or more potential threat groups spent nearly five months within the system of an undisclosed regional US government agency before delivering the LockBit ransomware malware at the start of the year, as per research from cybersecurity firm Sophos.
Read more »
TrickBot
Banking Trojan Botnets Conti Emotet Trojan IP Address malware Qakbot RSA TrickBot

The Emotet Malware is Alive and Using TrickBot to Rebuild its Botnet

 

The malicious Emotet botnet, which made a comeback in November 2021 after a 10-month break, is showing indications of steady expansion once again, collecting a colony of over 100,000 infected hosts to carry out its destructive actions. 

In a new round of attacks, Emotet, a Banking Trojan which has evolved into a formidable modular threat, has reappeared with improved features. It has infected devices to carry out additional spam campaigns and install various payloads like the QakBot (Qbot) and Trickbot malware. These payloads would subsequently be utilized to give threat actors, such as Ryuk, Conti, ProLock, Egregor, and others, early access to deploy ransomware. 

"While Emotet has not yet reached the same magnitude as before, the botnet is displaying a strong resurrection with a total of around 130,000 unique bots scattered over 179 countries since November 2021," Lumen's Black Lotus Labs researchers wrote in a report. On April 25th, 2021, German law enforcement used the network to send an Emotet module that removed the malware from afflicted devices. 

The TrickBot malware has begun to dump an Emotet loader on affected devices, according to Emotet research group Cryptolaemus, GData, and Advanced Intel. While Emotet used to deploy TrickBot, the threat actors now use a mechanism called "Operation Reacharound" by the Cryptolaemus group, which rebuilds the botnet utilizing TrickBot's current infrastructure. 

Apart from command-and-control (C2) lists and RSA keys, which change from version to version, Emotet's main payload hasn't changed much, but the list of phrases used to establish a process name for its bot has been renewed. Along with new binaries, words like engine, finish, magnify, resapi, query, skip, and many more are utilized and modified. Researchers may be able to construct signatures to detect Emotet infections on machines once these lists have been secured, but signature-based detection is more challenging if the list changes. 

Abuse.ch has published a list of the new Emotet botnet's command and control servers and strongly advises network administrators to ban the linked IP addresses. Another new feature is the ability to collect extra system information from compromised workstations in addition to a list of running processes. The number of bots and associated dispersion are crucial indicators of Emotet's success in reconstructing its once-vast infrastructure.
Read more »
VPN
Anonymous hacktivists API Cyber Hacking Data Breach E-mail Fraud malacious RSA VPN

SEGA's Europe Security : AWS S3 Bucket Exposed Provides Steam API Access

 


During a cloud-security assessment, SEGA Europe discovered that critical data was being kept in an unsecured Amazon Web Services (AWS) S3 bucket, and it's sharing the story to encourage other companies to double-check their own systems. VPN Overview researcher Aaron Phillips collaborated with SEGA Europe to protect the leaked data. SEGA's revelation, according to Phillips, is designed to assist the broader cybersecurity community in improving their own defenses.

The unsecured S3 bucket may be used to access user data, including information on thousands of members of the Football Manager forums at community.sigames.com. The following are the issues that have been detected in SEGA Europe's Amazon cloud: 

  • Developer key for Steam 
  • RSA keys are a type of cryptography. 
  • PII and passwords that have been hashed 
  • API key for MailChimp 
  • Credentials for Amazon Web Services 

Sensitive data in hands of a malicious actor could be disastrous for any company, but as Lookout's Hank Schless explained to Threatpost, gaming companies continue to be of particular interest to attackers. To threat actors, gaming firms hold a gold mine of personal data, development information, proprietary code, and payment information. Gaming firms must ensure that their data is protected while consumers from all over the world play their games, thanks to data privacy rules like the CCPA and GDPR.

Indeed, well-known brands like Steam, Among Us, Riot Games, and others have been hacked and utilized to deceive innocent gamers. There is no evidence that malevolent third parties had previously accessed sensitive data or exploited any of the disclosed vulnerabilities, according to the security firm. Researchers were able to upload files, run scripts, edit existing web pages, and change the settings of critically susceptible SEGA domains, according to the researchers. Downloads.sega.com, cdn.sega.com, careers.sega.co.uk, sega.com, and bayonetta.com are among the affected sites. The domain authority scores of several of the afflicted domains are high. 

This cybersecurity research should serve as a wake-up call for enterprises to evaluate their cloud security procedures. The researchers are hoping that more companies follow SEGA's lead in researching and addressing known vulnerabilities before fraudsters use them. There is no evidence that malevolent third parties had previously accessed sensitive data or exploited any of the disclosed vulnerabilities, according to the security firm.
Read more »
United States
Computer Security Cyberattack KiLLer MiNd National Cyber Security RSA United States

Cyberattacks can even take human lives

Cyberattacks by nation-states will soon kill people, either deliberately or unintentionally, a senior security researcher told attendees at the RSA Conference this week.

The May 2017 WannaCry attacks by North Korea and the NotPetya attacks by the Russian military in June 2017 shut down hospitals, disrupted shipping and cost hundreds of millions of dollars in losses — much of it in the form of collateral damage.

It is inevitable, she said during her RSA presentation yesterday (March 5), that future nation-state attacks on such scale will cause loss of life.

"I rarely get to stand up in front of groups and tell them that the news is getting better," Joyce told the crowd. "But if you have purely destructive malware backed by a nation-state, then where does that leave us?"

NotPetya, which targeted tax-collection software that every business in Ukraine was obliged to run, masqueraded as ransomware, Joyce explained. But it was impossible to decrypt the affected data even if a ransom was paid. The goal of NotPetya was purely destructive, and the destruction streamed outward from Ukraine to infect companies and other institutions in 65 other countries.
Part of the collateral damage was at U.S. hospitals, Joyce said, where some patients could not be immediately treated as a result.

"A friend of mine who was suffering from throat cancer was turned away and told to come back next week," Joyce said.

"If you have purely destructive malware backed by a nation-state, then where does that leave us?"
—Sandra Joyce, FireEye senior vice president


Had anyone died as a result of NotPetya, that would have been an unintended consequence of a specific attack on Ukraine's economy. But nation-state malware already exists that is designed to deliberately kill people, according to Joyce.
Read more »
Security News
hacker news NSA RSA Security News

NSA paid $10 million to RSA for making flawed algorithm to weaken encryption


The US National Security Agency(NSA) has secretly paid $10 million for one of the major & respected security firm RSA, to make a flawed algorithm in order to weaken the encryption, according to exclusive report from Reuters.

In September, New York Times reported a story based on documents leaked by former NSA contractor Edward Snowden that NSA created a flawed formula for generating random numbers to create "backdoor" in encryption software.

Reuters later reported RSA became the lead distributor of the formula by using it into an encryption tool known as Bsafe that is used by software developers to improve security in their products.

Two sources disclosed a new information to Reuters that RSA had received the money in exchange for making the NSA's formula as the default method for number generation in the BSafe software.

In a statement to Reuters, RSA denied the allegations saying "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."

 Source: Reuters
Read more »
Subscribe to: Posts (Atom)