The Encryption Battle Will Continue in 2018
Posted on January 16, 2018
While they may disagree in other areas, one thing that former FBI Director James Comey, current Deputy Attorney General Rod Rosenstein, and current FBI Director Christopher Wray all have in common is their distaste for strong encryption that prevents the government from accessing information. In 2016, Comey and the Justice Department went to court to try to force Apple to help the government decrypt messages sent by the San Bernardino terrorist attackers. A few months ago, Rosenstein picked up that torch, discussing the need for government access to encrypted information in two separate speeches in October, then repeating his views in the wake of November’s mass shooting at a church in Texas. On January 10, Wray raised the subject in a speech, referring to it as “an urgent public safety issue.” At the same time, as tech companies are quick to point out, the rising tide of information snooping by foreign governments and private actors makes the need for strong encryption greater than ever. The Trump Administration’s strong law-and-order stance, and relative lack of sympathy for tech companies and civil libertarians, mean that 2018 could lead to new developments in this area.
PUTTING IT INTO PRACTICE: Keep an eye on the federal government’s actions in this area; they could affect the future of encrypted communications, including the cybersecurity tools your company relies on.
2017 Saw Ransomware on the Rise – 2018 Will See Even More
Posted on January 8, 2018
It’s fair to say that ransomware exploded in 2017. After inflicting an estimated $350 million in damage in 2015 and $850 million in 2016, at least one source estimates that it hit $5 billion last year. Most prominent among these were WannaCry, which shut down computers in 80 organizations affiliated with Britain’s National Health Service among many other infections, and Not Petya, which attacked many international companies’ computer systems.
Ransomware’s success at blocking users from accessing their own systems and demanding payment in order to restore that access stems from two key developments in the past decade. First, improvements in the strength and adaptability of encryption have given ransomware authors the tools to remotely lock up another person’s system. Second, the development of cryptocurrencies has given them the ability to demand and receive ransom funds that are difficult to trace.
Alarmingly, 2017 witnessed the appearance of the first ransomware worm, a version of ransomware that self- replicated and infects new systems on its own. On the plus side (if there can be such a thing) many of the year’s worst ransomware attacks utilized a known vulnerability in certain Microsoft products, for which Microsoft had already issued patches. Those companies that implemented the patch quickly avoided infection.
While particular vulnerabilities have a short shelf-life, the ability of ransomware to take advantage of newly-identified vulnerabilities and turn them into profitable schemes for unprincipled hackers means this problem is not going away. Right now, it’s estimated that a ransomware attack occurs every 40 seconds. By next year, it’s expected to be down to 19 seconds.
PUTTING IT INTO PRACTICE: In addition to being vigilant about emails from unknown sources, make sure your company implements software patches as quickly as it can. This seemingly small administrative issue could save you millions of dollars.
                    Eye on Privacy 2018 Year in Review 34