Security News

Hive ransomware gang rapidly evolves with complex encryption, Rust code
2022-07-06 17:50

The Hive group, which has become one of the most prolific ransomware-as-a-service operators, has significantly overhauled its malware, including migrating the code to the Rust programming language and using a more complex file encryption process. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," the researchers said in a write-up this week.

NIST selects 4 quantum-resistant encryption algorithms
2022-07-06 07:26

The four selected encryption algorithms will become part of NIST's post-quantum cryptographic standard, expected to be finalized in about two years. To counter this threat, the four quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving, thereby defending privacy both now and down the road. The quantum-resistant encryption algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication.

Encryption is high up on corporate priority lists
2022-07-06 03:00

The number of UK organisations implementing data encryption as a core part of their cybersecurity strategy has continued to rise, with 32% introducing a policy to encrypt all corporate information as standard in the last year. Only 2% do not currently see encryption as a priority.

Actual quantum computers don't exist yet. The encryption to defeat them may already be here
2022-07-05 22:36

The US National Institute of Standards and Technology has recommended four cryptographic algorithms for standardization to ensure data can be protected as quantum computers become more capable of decryption. Back in 2015, the NSA announced plans to transition to quantum-resistant cryptographic algorithms in preparation for the time when quantum computers make it possible to access data encrypted by current algorithms, such as AES and RSA. No one is quite sure when that may occur but it depends on the number of qubits - quantum bits - that a quantum machine can muster, and other factors, such as error correction.

Evaluating the use of encryption across the world’s top one million sites
2022-06-30 12:00

A new report from security researcher and TLS expert Scott Helme evaluates the use of encryption across the world's top one million sites over the last six months and reveals the need for a control plane to automate the management of machine identities in increasingly complex cloud environments. 2 has declined by 13% over the last six months, with v1.3 in use by almost 50% of sites - more than twice as many sites as v1.2.

We're now truly in the era of ransomware as pure extortion without the encryption
2022-06-25 10:41

Increasingly, cybercrime rings still tracked as ransomware operators are turning toward primarily data theft and extortion - and skipping the encryption step altogether. The Conti internal communications leaked earlier in the year highlighted how these ransomware gangs operate akin to software-as-a-service startups.

Mega's unbreakable encryption proves to be anything but
2022-06-22 20:58

The paper, titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Mega's cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files. "The first two attacks exploit the lack of integrity protection of ciphertexts containing keys, and allow full compromise of all user keys encrypted with the master key, leading to a complete break of data confidentiality in the MEGA system," the paper explains.

Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service
2022-06-22 08:05

A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files.

Elasticsearch server with no password or encryption leaks a million records
2022-06-16 08:13

Researchers at security product recommendation service Safety Detectives claim they've found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub. Safety Detectives' report states it found a StoreHub server that stored unencrypted data and was not password protected.

HelloXD ransomware bulked up with better encryption, nastier payload
2022-06-13 17:30

Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that include stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands. Unit 42 said the HelloXD ransomware family is in its initial stages but it's working to track down the author.