From the Middle East to China, Pegasus spyware revelations show the spread of hacking as a service




The line that separates cyber defence from cyber mercenaries is easily blurred, and China presents a challenge for regulating private espionage.


Free Ransomware Decryption Site Celebrates Milestone as New Threats Emerge


As Europol celebrated the fifth anniversary of its anti-ransomware initiative this week, menacing new ransomware threats made it clear that the fight against cyber threats is never-ending.

The EU law enforcement cooperation agency said its No More Ransom website has saved ransomware victims almost a billion euros with free ransomware decryption tools.

Europol has launched a new, more user-friendly website. Site visitors are greeted with a simple yes/no question: “Need help unlocking your digital life without paying your attackers?” Users who click “Yes” are directed to Crypto Sheriff, a tool that matches available decryptors to the user’s encrypted files. The site also provides guidance on preventing ransomware attacks. The key advice, however, is straightforward: “Paying the ransom is never recommended.”

No More Ransom was founded in 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab. The project now boasts 16 associate partners, including Emsisoft, Trend Micro, Bitdefender, Avast, Bleeping Computer, Cisco, Check Point, Tesorion, McAfee, ESET, CERT_PL, Eleven Paths, KISA, the French Police, and F-Secure.

In total, 170 public and private sector partners have made 121 tools available for free on the site to decrypt 151 ransomware families. Over the past five years, according to Europol, those decryptors have enabled over six million people to recover their files, blocking criminals from earning as much as a billion euros.

“Digitalization … provides us with the space to store hundreds of thousands of different files: pictures of our kids and pets, electronic tickets, projects, important matrixes we have worked on for weeks, archives filled with decades of knowledge and memories,” Europol said in a statement. “Ransomware enables criminals to steal all this in an instant. That is why it is crucial to beware, be aware and protect your digital world.”

Despite Europol’s efforts, ransomware continues to thrive, with several new threats launching in the past few weeks alone.

Haron and Grief: Rebrands or Copycats?

Zscaler researchers recently examined the newly launched Grief malware, also known as Pay. Grief appears to be a rebranding of…


Preparing for the Post-Quantum Migration: A Race to Save the Internet | Womble Bond Dickinson



National agencies and scientific institutions are well aware of the threat of quantum computers to existing cryptography. In 2015, the United States National Security Agency first published warnings of the need to transition to quantum-resistant algorithms. One year later, the National Institute of Standards and Technology (“NIST”) began a standardization initiative for post-quantum cryptography and secure operating parameters. Post-quantum cryptography is the study of cryptosystems that can be run on a conventional computer and are sufficiently secure against both quantum and conventional computers. However, the trial process is lengthy and NIST continues to review and scrutinize potential quantum-resistant algorithms. The initiative identified five classes of cryptographic systems that are currently quantum-resistant: lattice-based; multivariate-quadratic-equations; hash-based; code-based; and supersingular elliptic curve isogeny. NIST is expected to announce the first algorithm to qualify for standardization within the next two years.

During this transition period, while the world awaits NIST’s findings, there are measures that can be taken now to begin securing data against quantum computing and preparing for the upcoming migration. Organizations should begin the engineering work necessary to prepare their infrastructure for the implementation of post-quantum cryptography as soon as the migration is ready. To begin preparing now, experts recommend that organizations create a reference index for those applications that use encryption and ensure that current and future systems have sufficient cryptographic agility. Reference indexing allows organizations to assess quantum vulnerabilities, ensuring that all applications are migrated and minimizing the risk of incidents occurring in one part of their digital ecosystem. It is essential that organizations perform an ongoing assessment of their risks and migrate quickly to prevent systemic data insecurity.

Organizations should develop a plan to transition to quantum-resistant encryption. Planning ahead will minimize system downtime and provide flexibility for responding to any implementation flaws. Organizations can utilize their…


Israel Raids Pegasus Maker NSO Group’s Offices, Company Claims It Was Only A ‘Visit’


Israeli authorities have inspected the offices of Pegasus maker NSO Group as part of their investigations into the reports of spyware abuses by the company in different countries including India.

The company has claimed in a statement that it was only a ‘visit’ rather than a ‘raid’.

The Guardian reported that officials from the Israeli Defence Ministry visited the company’s offices near Tel Aviv on Wednesday. The NSO said it had been informed in advance about the inspection. “The company is working in full transparency with the Israeli authorities,” it said.

At the same time, Defence Minister Benny Gantz arrived in Paris for a pre-arranged visit, in which he discussed the Pegasus revelations with his French counterpart, Florence Parly. Gantz told Parly on Wednesday that Israel is investigating the matter “with the utmost seriousness”.

The Defence Ministry said in a tweet that the visit conducted by several state bodies was related to reports by a consortium of 17 media outlets that revealed Pegasus spyware sold by NSO targeted human rights activists, journalists and lawyers across the world.

In India, over 500 individuals and groups have written to Chief Justice of India (CJI) N V Ramana seeking the immediate intervention of the Supreme Court in the alleged Pegasus snooping matter and a declaration of a “moratorium on the export, sale, transfer and use of Pegasus” spyware in the country.

The letter urged the top court to direct the Centre and the Israeli firm NSO to provide time-bound answers to the several questions regarding the state-sponsored cyber-warfare that has been waged against Indian citizens, given the revelations of the Pegasus Project, an international collaborative investigation being conducted by several international media and research organisations.

Accusing the BJP dispensation of being responsible for the logjam in Parliament, the Congress on Thursday said the government was “avoiding” discussion on the Pegasus snooping issue in both the Houses as it has “much to hide”.

It also accused the BJP MPs of “collectively insulting” Parliament by their behaviour in the meeting of the Standing…
