Monday, March 24, 2025

Are We Ready for Post-Quantum Cryptography (PQC)?

Is your organization prepared for the quantum computing era and the shift to Post-Quantum Cryptography (PQC)?

Well... What does this question mean?


Post-Quantum Cryptography (PQC) refers to cryptographic algorithms that are designed to be secure against attacks from quantum computers. Quantum computers have the potential to break widely used encryption methods (like RSA and ECC).


Our digital world relies heavily on the RSA system. RSA (Rivest-Shamir-Adleman) is a widely used public-key cryptosystem whose security rests on the difficulty of factoring the product of two large prime numbers. The algorithm involves two keys: a public key, used for encryption, and a private key, used for decryption. However, the rise of quantum computers threatens this system.
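To make the dependency on factoring concrete, here is an added example (not part of the original post) using textbook RSA with a deliberately tiny, constructed key. A classical factoring routine (Pollard's rho) stands in for what a quantum computer running Shor's algorithm would do to a real-size modulus; all function names and values are illustrative assumptions.

```python
from math import gcd

# Constructed toy primes (2**31 - 1 and 2**61 - 1); real RSA primes are ~1024 bits each.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
MESSAGE = int.from_bytes(b"pqc", "big")  # constructed sample plaintext

def make_keypair(p, q, e=E):
    """Textbook RSA key generation (no padding, for illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))   # (public key, private key)

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def pollard_rho(n):
    """Classical factoring; feasible here only because n is tiny."""
    if n % 2 == 0:
        return 2
    for c in range(1, 20):                # retry with a new constant on failure
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n           # tortoise: one step
            y = (y * y + c) % n           # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found")

def recover_private_key(pub):
    """Knowing only the public key, factor n and rebuild the private exponent."""
    n, e = pub
    p = pollard_rho(n)
    q = n // p
    return (n, pow(e, -1, (p - 1) * (q - 1)))

if __name__ == "__main__":
    pub, priv = make_keypair(P, Q)
    ciphertext = encrypt(pub, MESSAGE)
    rebuilt = recover_private_key(pub)
    print("private key rebuilt from public key:", rebuilt == priv)
    print("recovered plaintext:", decrypt(rebuilt, ciphertext).to_bytes(3, "big"))
```

The only thing protecting a real RSA private key is that the factoring step is infeasible at 2048 bits and above on classical hardware, which is the assumption PQC migration stops relying on.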


Recognizing the urgency, the UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035.


https://bit.ly/4kXiZsO


Headlines:

"'Quantum computing is set to revolutionize technology, but it also poses significant risks to current encryption methods,' stated NCSC's CTO, Ollie Whitehouse."


"As quantum technology advances, upgrading our collective security is not just important – it's essential."


"The NCSC recommends adopting NIST-approved PQC algorithms for migration, which were standardized by the U.S. organization last year, and are expected to become the foundation for post-quantum security globally."


"The United States has established a similar timeline for migrating to PQC through the National Security Memorandum 10 (NSM-10), which also sets 2035 as the target year for completing the transition across federal systems."


Monday, March 17, 2025

SideWinder APT Targets Critical Infrastructures

An advanced persistent threat (APT) group known as SideWinder (allegedly of Indian origin) is targeting critical infrastructure sectors within Asia, the Middle East, and Africa, with a focus on maritime, nuclear, and logistics operations.

SideWinder is demonstrating increased sophistication in its cyberattacks, enhancing its tools and techniques to evade security software and maintain persistent access to compromised networks. The group utilizes spear-phishing campaigns, delivering malicious documents that exploit the CVE-2017-11882 Microsoft Office vulnerability to deploy the StealerBot malware, a modular toolkit designed for stealing sensitive information.


Headlines:

"The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa, as well as telecommunication, consulting, IT service companies, real estate agencies, and hotels."


"'They are constantly monitoring detections of their toolset by security solutions,' Kaspersky said. 'Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours.'"