‘Harvest now, decrypt later’: Why hackers are waiting for quantum computing

Hackers are waiting for the moment when quantum computing will break encryption and allow them to decrypt large amounts of information stolen over the years. In preparation, they’re collecting even more encrypted data than usual. Here’s what companies can do about it:

Why would a hacker collect encrypted data?

Many modern organizations encrypt multiple critical aspects of their operations. 8 out of 10 companies Use enterprise-grade encryption extensively or in part for databases, archives, internal networks, and internet communications. After all, this is cybersecurity best practice.

Surprisingly, cybersecurity experts are increasingly concerned that cybercriminals are stealing encrypted data and waiting for the right opportunity to launch an attack. Their fears are not unfounded: 70% of ransomware attacks They steal information before it is encrypted.

The “steal now, crack later” phenomenon in cyber attacks — where attackers steal encrypted information in the hope that they will eventually be able to crack it — is becoming more common and will become even more prevalent as quantum computing technologies develop.

“Collect now, decode later” mechanism

Quantum computers will enable the phenomenon of “collect now, decrypt later.” In the past, encryption was enough to deter cybercriminals, or at least render their efforts meaningless. Unfortunately, this is no longer the case.

While classical computers work using binary digits (bits) that are either 1 or 0, quantum computers use quantum bits called qubits, which can exist in two states simultaneously, known as superposition.

Quantum bits, or qubits, are either 1 or 0, giving quantum computers far greater processing speed than their competitors. Cybersecurity experts worry that quantum computers could render modern cryptography, or encryption algorithms, useless, opening the door to cyberattacks aimed at compromising information.

Encryption transforms data, also known as plaintext, into a string of random, unbreakable code called ciphertext. It does this using complex mathematical formulas that are technically impossible to decipher without a decryption key. But quantum computing changes that.

Classical computers are It will take 300 trillion years Breaking a 2,048-bit Rivest-Shamir-Adleman cipher would take more than a million seconds, but with qubits it can be done in a matter of seconds. The problem is that this technology is not widely available, only in research and government laboratories.

But quantum computing technology could be available within the next decade, so cybercriminals won’t be able to stop it. In preparation, they plan to use cyber attacks to steal encrypted data and then decrypt it later.

What type of data are hackers collecting?

Hackers typically steal personally identifiable information like names, addresses, job titles, and social security numbers, which allow them to steal your personal information. Account data, such as business credit card numbers and bank account credentials, are also highly sought after.

Quantum computing gives hackers access to everything encrypted, and data storage systems are no longer their primary target: they can eavesdrop on connections between web browsers and servers, read communication between programs, and intercept information in transit.

HR, IT and accounting remain high-risk departments for most companies, but you also need to worry about your infrastructure, vendors and communication protocols – after all, both client-side and server-side encryption are soon to be attacked.

The impact of quantum bits breaking the encryption

Businesses may not realize they’ve been affected by a data breach until attackers use quantum computing to decrypt the stolen information. Business may continue as usual, until we see a surge in account takeovers, identity theft, cyberattacks and phishing attacks.

There is a high likelihood of legal issues and regulatory fines being involved. Considering the average data breach Up from $4.35 million With that figure expected to rise to $4.45 million in 2022 and $4.45 million in 2023 (a 2.3% increase from the previous year), the economic losses could be devastating.

With the advent of quantum computing, businesses can no longer rely on encryption to securely communicate, share files, store data, or use the cloud. Corporate databases, archives, digital signatures, internet communications, hard drives, emails, and internal company networks will soon be vulnerable. Unless alternatives can be found, they may be forced to revert to paper-based systems.

Why prepare for quantum if it doesn’t exist yet?

While the possibility of encryption being broken is alarming, decision-makers need not panic: it will take years, even decades, for the average hacker to acquire a quantum computer, as they are incredibly expensive, resource-intensive, delicate, and prone to error if not kept in ideal conditions.

Specifically, these sensitive machines need to be kept at a temperature just above absolute zero (Fahrenheit 459 To be precise, it is because thermal noise can interfere with operation.

But quantum computing technology is improving every day. Researchers are working to make these computers smaller, easier to use, and more reliable. Soon, they may even be accessible enough for the average person to own one.

Already, a China-based startup has unveiled the world’s first portable consumer quantum computer. Its most expensive model, the Triangulum, The power of three qubits It costs around $58,000, with two cheaper two-qubit versions selling for under $10,000.

While these machines pale in comparison to the high-performance computers found in research labs and government-funded laboratories, they prove that quantum computing technology isn’t far off from reaching the mass market — in other words, decision makers need to act now, rather than waiting until it’s too late.

Moreover, businesses have a much bigger threat to worry about than the average hacker: we may soon see a world where nation states or competitors can pay for quantum computing services to steal intellectual property, financial data, and trade secrets.

What can businesses do to protect themselves?

There are several steps business leaders can take to prepare for quantum computing’s crypto-breaking.

1. Use quantum-safe cryptography

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) will soon Post-quantum cryptography standardsGovernment agencies are using cutting-edge technology to create encryption that even quantum computers can’t crack, and businesses would be wise to adopt it as soon as it’s available.

2. Improved breach detection

Indicators of compromise (signs that a network or system intrusion has occurred) help security professionals respond quickly to a data breach and render the data useless to attackers. For example, if you realize that a hacker has stolen account credentials, you can immediately change all employee passwords.

3. Use a quantum-safe VPN

A quantum-safe virtual private network (VPN) would protect data in transit, preventing eavesdropping and eavesdropping. One expert argues that consumers can expect this soon, saying: In testing phase As of 2024, businesses would be wise to adopt such solutions.

4. Move sensitive data

Decision makers should ask themselves whether the information stolen by bad actors is still relevant after it has been decrypted. They should also consider worst-case scenarios to understand the risk level. From there, they can decide whether to move sensitive data.

One option is to transfer the data to a heavily guarded or constantly monitored paper-based filing system, thus preventing cyber attacks altogether. A more feasible solution is to segment the data with security and authentication controls and store it on a local network that is not connected to the public internet.

Decision makers should start preparing now

Quantum cracking is still years, maybe decades, away, but when it does happen it will have dire consequences, and business leaders should start developing post-quantum plans now to avoid being caught off guard.

Zach Amos is Rehack.