Weak passwords -> Ransomware -> Company shutdown | Post Quantum Quackery
#196 - A 158-year-old company shuts down after ransomware attack | Is all the noise about quantum computers being able to crack modern cryptography all 'bollocks'?
A Weak Password Just Cost a 158-Year-Old Firm Its Business
A historic UK company is forced to shut down after a ransomware attack that likely started with one employee's compromised credentials.
It’s called password spraying. If you manage to get access to leaked credentials of a user, you ‘spray’ them across other possible logins that might belong to the user in the hope that the user reuses those credentials. I have written about this type of attack before:
Now, a 158-year-old transportation company in the UK had to shut down as it was unable to meet the ransomware demands.
It is believed that a weak password used by one employee led to all their systems being encrypted by ransomware.
Meanwhile, the UK government has banned government organizations from paying ransom.
Take Action:
🏢 Businesses in the UK: Private businesses have to report a ransomware attack and get permission to pay the ransom. Government businesses are disallowed from making any form of ransomware payment. If you are a private business in the UK, make sure that you have a mechanism to report ransomware attacks as soon as possible.
👩🏻‍💻 Cybersecurity professionals: There are some learnings here:
1. Implement systems that prevent users from setting previously compromised passwords.
2. Ditch complex passwords and go for length. Remember the famous XKCD cartoon about entropy.
3. User training: how to set the right passwords and how NOT to repeat passwords.
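Learnings 1 and 2 can be enforced together at the moment a password is set. The sketch below is an added example, not code from this newsletter or from any product: it rejects short passwords and any password found in a breach list, with no composition rules. The 15-character minimum and the sample breach list are assumptions constructed for illustration; the prefix/suffix index mirrors k-anonymity range lookups such as the Pwned Passwords API, so the same check works against a remote service without sending the full hash.

```python
import hashlib
import unicodedata

MIN_LENGTH = 15  # assumed policy value; the article only says "go for length"

# Constructed sample standing in for a breach corpus (not real breach data).
BREACHED_SAMPLE = ["Password1!", "letmein", "qwerty123456",
                   "correcthorsebatterystaple"]


def sha1_hex(password: str) -> str:
    # SHA-1 is only a lookup key here, never a storage hash.
    normalized = unicodedata.normalize("NFKC", password)
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Map 5-char hash prefix -> set of 35-char suffixes."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


def is_compromised(password: str, index) -> bool:
    digest = sha1_hex(password)
    # With a remote range service, only digest[:5] would leave the host.
    return digest[5:] in index.get(digest[:5], set())


def check_new_password(password: str, index) -> list:
    """Return rejection reasons; an empty list means the password is accepted.
    No composition rules (digits, symbols): length and breach status only."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if is_compromised(password, index):
        reasons.append("known_compromised")
    return reasons


INDEX = build_range_index(BREACHED_SAMPLE)

if __name__ == "__main__":
    for candidate in ["Password1!", "correcthorsebatterystaple",
                      "violet kettle orbits nineteen lakes"]:
        print(repr(candidate), check_new_password(candidate, INDEX) or "accepted")
```

Note that the long XKCD-style passphrase is still rejected once it appears in a breach list, which is why length alone is not enough and the two checks belong together.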
Quantum won’t break your cryptography…
It’s bollocks, says a computer scientist
If there is anything competing with AI for funding, it is Quantum Computing. This article questions the logic. I have written about Post Quantum Cryptography (PQC) multiple times. The first time was about the threat of Quantum computers being able to break code and the ‘Harvest Now, Decrypt Later’ attack vector.
Then, when NIST released three algorithms for PQC, I wrote about that as well:
And then, when Microsoft released an open source implementation of the PQC algorithm:
All along, I was sure that sooner or later, quantum computers would be a practical reality and would break crypto as we know it. This article questions everything.
It has become famous as the ‘Bollocks talk’. The argument states that current quantum computers, after a decade of research, are only able to decrypt algorithms that can be done with an abacus and a dog. The PDF of the presentation is humorous and brilliant.
Take Action:
Cybersecurity Professionals 🕵🏼‍♀️ - No action, but you can keep abreast of both sides of the PQC debate!