Cybercriminals are stockpiling massive amounts of encrypted data with plans to crack it in the future, cybersecurity experts have warned.
While this highly secured data might be unreadable and useless to hackers now, they’re waiting until quantum computing technology advances to the point where they can eventually decode it.
This new threat — dubbed “harvest now, decrypt later” attacks by cybersecurity firm NordVPN — comes with the potential for long-term data insecurity.
“Current encryption systems are still hard to break, so they are beneficial for ensuring your privacy. Nevertheless, cybercriminals already target encrypted data even if they cannot crack the decryption,” Marijus Briedis, Chief Technology Officer at NordVPN, said in an emailed statement.
“Even though quantum computing is still in the future, it will take years until the global community adapts to the new standard of encryption. We have to plan the transition to quantum-resistant algorithms now.”
Encryption is the scrambling of plain text into an unreadable form using an algorithm that safeguards sensitive data and restricts access to authorized parties. This is how banks secure online transactions and protect sensitive customer data like account numbers, passwords, and other financial information.
VPN providers use advanced encryption to create a secure and private internet connection between a user’s device and the VPN server to protect online traffic and sensitive data.
The Growing Threat of ‘Harvest Now, Decrypt Later’ Attacks
While immediate financial gain drives most cyberattacks, these new harvesting strategies are primarily aimed at state actors, the military, large corporations, or other high-value targets, experts said. However, as quantum technology advances, the scope of potential targets will likely broaden.
Given that encrypted data can be pilfered during transmission or directly from storage, cybersecurity experts believe that both aspects require reevaluation. For example, quantum computers could offer a cybersecurity breakthrough by generating truly random and unpredictable numbers that are essential for secure communication.
Briedis confirms this idea: “Quantum-safe VPN is a reality… we are now testing our technologies to make it work, and soon we can expect properly working post-quantum encryption on VPN.” Similarly, the challenge extends to data storage, with servers and cloud services needing to gear up for a post-quantum reality.
Quantum-safe storage services may involve “truly random” encryption keys that would provide robust post-quantum encryption, Briedis noted.
Recently, ENISA discussed the key challenges of artificial intelligence (AI) for cybersecurity, which includes the need to develop quantum-resistant algorithms and encryption schemes.
Transitioning to Quantum-Safety: NordVPN’s Initiative
In the face of this looming quantum threat, Briedis advises that potential targets take steps such as micro-segmentation, rotating encryption keys, staying updated with software, and bolstering resistance to phishing and social engineering attacks.
Organizations dealing with high-value information — such as trade secrets, medical records, or national security — should enhance encryption algorithms for better protection, even if they “will not reach the level of post-quantum resilience.”
Some of the current popular encryption schemes — such as RSA — could be more easily cracked by quantum algorithms, posing a serious threat to the security and privacy of sensitive data. Currently, the gold standard for encryption is AES 256-bit.
Increasing crypto-agility is also vital for an effective adaptation to post-quantum cryptography. By embracing these measures, the global community can prepare for the incoming wave of quantum computing and the unique cybersecurity challenges it brings.
As NordVPN continues to address the emerging quantum threat, we recommend staying updated with their announcements and considering how their proactive approach may factor into your VPN choice.
Check out our June 2023 NordVPN review to cover everything you need to know about this leading VPN provider.
