Bill Bishop interview: The writer of China-focused newsletter Sinocism – Press Gazette

Bill Bishop is (literally) the original Substacker.

In the spring of 2017, Bishop, an American media entrepreneur who previously lived and worked in Beijing, was preparing to start charging readers for his China-focused blog/email newsletter.

In October of that year, after being approached by one of the founders of Substack, former journalist Hamish McKenzie, he became the newsletter platform's first writer.

Today, Substack is home to thousands of newsletters. The platform has millions of readers a month and says that its writers collectively have more than 500,000 paying subscribers.

Bishop's newsletter, Sinocism, had 30,000 free subscribers (built up since 2012) when it launched on Substack, and a fair few of them decided to start paying immediately.

"On the first day I was at over $100,000 in revenue for the year," says Bishop, who became an early investor in Substack after launching his newsletter. "So it was a great start. And it grows every year."

The appeal of Substack for Bishop and others is that the platform handles the technical side of the business, enabling writers to easily send out newsletters and collect payments. In return, Substack takes a 10% cut of paid subscriptions.

Bishop does not say what his annual revenues are currently: "more than zero, less than a million." But he does reveal that Sinocism today has more than 90,000 subscribers and that a single-digit percentage of these people pay for his premium edition. He charges $15 a month, or $168 a year.

Bishop, a co-founder of CBS MarketWatch (which is now part of Dow Jones/News Corp), lived and worked in China between 2005 and 2015.

He first started Sinocism as a blog during this period. In 2012, China's great firewall of internet regulation forced him to start sharing his content by email.

After moving to Washington DC in 2015, Bishop continued to write Sinocism, which provides readers with analysis, commentary and links to the biggest news about China.

Sinocism says its audience is made up of investors, policymakers, executives, analysts, diplomats, journalists, scholars, and others.

Bishop, who studied China academically and speaks Mandarin Chinese, describes himself as an analyst, commentator and meta-editor.

Reporters working in China often report instances of being followed or disrupted in their work. Bishop says that he had no apparent issues when living in Beijing, possibly because he was never officially recognised as a journalist.

But he adds that, because US-China relations have worsened since his move in 2015, "I wouldn't be doing my newsletter if I was living in Beijing now. That would no doubt cause all sorts of problems for me."

Bishop says the big stories for him in the coming years will be the length of Xi Jinping's presidential reign ("will he become a leader for life?"), China's relations with the West and the developed world ("how much worse does it get?") and the fallout from Covid-19, including how and where the disease originated.

Substack says its top ten writers collectively now make more than $15m a year through paid subscriptions. Bishop is no longer in the top ten but, because of his early investment in the company, their success is his success to an extent.

"I really liked the team, and I thought it was interesting," says Bishop when asked about why he decided to invest in Substack. "But I had no idea it was going to become a noun and a verb the way it has. It seems kind of crazy. It's really quite remarkable."

Substack's reputation has grown significantly over the past year or so. Several high-profile writers and public figures, including Edward Snowden, Glenn Greenwald and Dominic Cummings, the former chief adviser to UK prime minister Boris Johnson, have launched their own newsletters on the platform.

But Substack is now facing serious competition. Apparently inspired by the platform's success, both Twitter and Facebook are launching themselves into the newsletter business, with Revue and Bulletin respectively.

Bishop is not overly concerned. "Sure, it's hard to compete in some ways with Facebook and Twitter. But at the same time, and you've seen this across industries, those companies are massive, and they have much bigger things they're focused on."

He believes Substack's work has been validated by this new competition after the concept was initially ignored or pooh-poohed.

"If, three years into this, the big guys weren't paying attention, it would make me wonder whether or not this was a space worth caring about.

"Now Facebook and Twitter have made it clear that this is an area that's very much worth caring about and fighting over."

Bishop believes the growth of Substack has been good for journalists and writers because it has made employers realise their value.

"For a long time journalists, with very few exceptions, were not really considered talent," he says.

"And now things like Substack, Revue/Twitter, whatever the Facebook thing is, are making it much more complicated for managers at these media companies to figure out how they deal with talent."

In the US, there have been several stories of journalists leaving established news groups to earn more for themselves on Substack.

So does Bishop think Substack is the future of journalism? Not quite.

"Really good enterprise reporting is expensive, it takes a team, it takes good editor, and a lot of times it takes a really good brand behind you.

"So it's not like every journalist is going to be able to make the jump to become a Substacker making a couple of hundred grand a year.

"But I think people who are very good in their niche can do extremely well."

Top picture credit: Reuters/ Carlos Garcia Rawlins

Leveraging Encryption Keys to Better Secure the Federal Cloud – Nextgov

Deltek's Federal Cloud Computing Market, 2020-2022 Report predicts federal cloud investments will reach $7.8 billion by fiscal 2022. For government agencies, migrating resources to the cloud increases flexibility, efficiency and promises enhanced security features. But in a cloud-centric world, security is increasingly complex. While security tools do exist within platforms, users may accidentally or unknowingly disable security features.

Additionally, cloud-based applications must be protected from cloud infrastructure attacks, including insider threats. This requires encrypting data at rest and end-to-end encryption for data-in-transit. Taking it a step further than encryption itself, agencies must consider security and access to the keys used to encrypt data.

Have You Seen My Keys?

When employing a cloud solution, agencies may enlist multiple providers to create a multi-cloud or hybrid cloud environment. Utilizing multiple clouds can mean encryption keys end up stored in more than one location across various infrastructures, increasing the risk of the keys falling into the hands of a bad actor.

In the same way we use a key to lock valuable assets in a safe deposit box, agencies can lock up encryption keys for personally identifiable information, such as email addresses and mobile device management credentials. Locking encryption keys grants agencies the ability to control access to keys, manage key rotation and handle data within a specific region, which is especially helpful in government, as agencies face FISMA compliance regulations.

The cloud will continue to grow in importance for federal agencies and the time is now to ensure the government cloud is as secure as possible. The Cloud Security Alliance recommends encrypting data in the cloud and managing the encryption keys on-premises within a FIPS-certified boundary. Keys should be managed and secured in a FIPS 140-2 certified key manager.

Tamper-resistant FIPS 140-2 Level 3 Hardware Security Modules provide the highest level of security against internal and external threats that may result from an increased number of endpoint devices connecting to resources via the cloud.

Cloud Encryption and Mobile Applications

Cloud-based applications often connect directly to mobile and other endpoint devices. By processing and storing data on the cloud, mobile applications can function more efficiently, extending battery life and improving reliability. However, with multiple cloud applications connecting to agency resources through mobile devices, the threat landscape is greatly expanded.

Cloud-based applications on mobile devices can also serve as entry points for bad actors through malicious apps, mobile phishing and more. As such, encryption and other cloud security must extend to mobile.

Protection on mobile devices needs to include, but go beyond, cloud encryption for comprehensive mobile endpoint security. Precautions, such as user education and a zero-trust policy that extends to mobile, can ensure mobile devices, and the information they contain, stay safe.

To fully protect an agency and its information, mobile security needs to protect applications, networks and devices from phishing and other mobile threats. While workers may be able to identify phishing attacks on desktops or laptops, it becomes much more difficult on mobile devices. Attacks may be harder to spot due to small screen size and layout of a mobile device but can gain the same access to agency data if successful.

Cloud Is Here to Stay

As agencies continue to prioritize cloud in government, the ability to manage encryption keys offers assurance that sensitive data can never be accessed or controlled by unauthorized individuals. This includes apps on mobile endpoint devices, which constantly communicate with the cloud, transferring data to and from the device. Mobile security must extend to the cloud, keeping agencies and the devices accessing their resources protected from cybercriminals and malicious nation-states as attacker strategies evolve.

Tim LeMaster is vice president of WW Systems Engineering at Lookout.

Is full encryption of police radios necessary? Berkeley may allow public to hear one of their channels – The Daily Post

This story was originally published June 30 in the Daily Post.

BY ELAINE GOODMAN, Daily Post Correspondent

The Berkeley Police Department might decide to keep one of its radio channels unencrypted, meaning the public would be able to listen in to some police activities, an official said yesterday.

If Berkeley keeps a radio channel public, it would be a departure from the approach taken by Palo Alto, Mountain View and Los Altos, which fully encrypted their police radio transmissions earlier this year.

"The Berkeley Police Department is still undecided if we will encrypt BPD-1 as well; or just BPD-3 (RB-1)," Berkeley Police Capt. Kevin Schofield said in a written statement provided to the Post.

Details weren't immediately available on what information would be transmitted over BPD-1 versus BPD-3. A police department manual on the city's website described BPD-1 as a primary channel for patrol officers, and said RB-1 is used to communicate with the records center.

The question of encrypting police radio transmissions comes after the California Department of Justice in October told law enforcement agencies that they have to protect individuals' personally identifiable information and criminal justice information when using the California Law Enforcement Telecommunications System, or CLETS. Examples of information that needs protecting are a person's driver's license number, Social Security number or criminal history.

The DOJ memo, from Joe Dominic, chief of the California Justice Information Services Division, described two ways a law enforcement agency could protect the information: by encrypting radio traffic, or establishing a policy to not publicly broadcast certain types of information.

Police scanners go silent

Police departments in cities including Palo Alto, Mountain View, and Los Altos responded to the DOJ memo by going to full encryption of their radio channels. News reporters and the public can no longer tune in using police scanners to hear what officers in those cities are doing. Police scanners have been in existence for about 70 years.

But some cities are taking a different approach. As the Post reported last month, the San Francisco Police Department will partially encrypt its radio transmissions when it moves to a digital system this year.

San Francisco dispatchers will use a public channel to send officers to an incident, such as a report of a robbery at a particular location. After that, radio communications related to the incident will be encrypted and the public won't be able to listen in. But when the incident concludes, dispatchers will state on an unencrypted channel what the outcome was, for example, officers took a report or made an arrest.

San Francisco officers will check a person's driver's license information or criminal history using encrypted channels.

In Berkeley, whose police department is closer in size to that of Palo Alto, the move to encryption is complicated by a number of factors, according to information obtained by the Post through a public records request.

The department noted that Berkeley is a member of the East Bay Regional Communications System, or EBRCSA, a radio system that operates under a joint powers agreement between Alameda and Contra Costa County. EBRCSA owns and manages the digital radio system.

It could take more than two years for EBRCSA members to move to encryption. In the meantime, the Berkeley PD is taking steps to protect subjects' personal information.

Phones for confidential information?

"In the interim, we will attempt to use our MDTs, department cellular phones, or land line telecommunications to transmit and receive PII," the police department stated in a letter. An MDT is a mobile data terminal, or computer, that officers use in their patrol cars. PII refers to personal identifiable information.

In Palo Alto, Police Chief Robert Jonsen said in a January blog post that alternative methods of protecting personal information, such as using cell phones, are not operationally practical or safe for our personnel.

In Berkeley, officers have a strategy to help protect personal information when cell phones or MDTs aren't feasible and they transmit the information over the radio. In those cases, officers will break up the personal information by transmitting details such as a person's name, birthday and address in separate transmissions, or even in different channels, Berkeley PD said in its letter.

Budget shortfalls may hamper the move to encryption, the letter said.

"Due to Covid-19, we are anticipating budget shortfalls in our projected revenue for projects such as this," the letter stated. "In addition, the community is asking to reduce our budgets."

The letter ends by referring further questions to Lt. Peter Hong. Hong did not respond to the Post's request for a telephone interview yesterday.

Previous stories about the encryption of police radios

June 16, 2017, Palo Alto to spend $4 million on new radio system; Redwood City's experience was a fiasco

Jan. 6, 2021, Police cut off their radio transmissions to the public

Jan. 8, 2021, Editorial, Police decision to encrypt police radio transmissions reduces transparency

Jan. 11, 2021, Mayor says that encrypting police radio signals was a mistake

Jan. 11, 2021, Palo Alto Council will discuss police radio encryption, Mountain View will follow Palo Alto's lead

Feb. 14, 2021, Opinion, Encryption isn't a mandate, it's a choice

March 29, 2021, Police chief willing to consider alternatives to full encryption but lacks examples

April 1, 2021, One city is reluctant to switch to encrypted police radio

April 5, 2021, Palo Alto Police ask state if they can temporarily drop encryption

May 24, 2021, San Francisco finds an alternative to full encryption of police radios

May 27, 2021, Opinion, 55 days later and state DOJ hasn't complied with records request for information on police radio encryption

Benefits of Adopting Data Encryption in Businesses – CIOReview

The companies apply the data encryption process in their businesses because it offers the best protection against unauthorized access to data.

FREMONT, CA: The cyber threat landscape is becoming increasingly volatile. Today ransomware threats are becoming a common occurrence. The risks are serious, and people's confidential information is in danger. If data security is the primary priority, innovative data encryption is the best technique companies can utilize.

Encryption and cryptography are complicated concepts to understand. For the ordinary individual, the more they learn about it, the more they realize how little they know.

Data encryption is the most effective method of preventing unauthorized access to data. Even though encryption has been demonstrated to be essential for businesses that hold large amounts of sensitive data, it is still not universally used, and much crucial information remains unsecured and vulnerable to hackers. All data, whether at rest or in transit over a network, can be encrypted.

For businesses, implementing efficient data encryption for the first time can be difficult, with the most challenging part being determining where to start. The process of implementing data encryption techniques can be made more accessible by following best practices.

Assess the Data to Encrypt

The companies must evaluate which data can cause the most damage if lost or compromised before encrypting it. Encrypt sensitive information like credit card numbers, names, social security numbers, and trade intellectual property.

To comply with the current compliance regulations, personally identifiable information (PII) needs specific encryption. Even if regulations do not require encryption, it may be the only reasonable and acceptable security for sensitive data and must be used.

Establish Appropriate and Secure Key Management

Once data encryption is in place, the companies must ensure that all decryption keys are appropriately secured and backed up. Such keys constitute security vulnerabilities that must be recognized and resolved before deploying encryption. Find a safe place to keep encryption keys, and make sure it's not in the same place as the data. It is also essential to keep the backup key in a separate location.

To reduce the risk of isolation generating vulnerabilities, centralizing key management is crucial. Keys must be kept in a hardware security module (HSM), which offers hardware-based security.

Assess Encryption Performance

Be sure to evaluate the efficiency of the data encryption method after it has been successfully implemented. If data encryption generates performance problems, like excessive CPU usage, companies must consider using an alternative encryption algorithm or encryption tool.

Logging tools can aid in evaluating the encryption's performance by providing information on what data is being obtained, who is accessing confidential data, and when.

Why Organizations Must Shift Encryption Strategies To Protect Customer Information In Light Of Today's Threats – Forbes

Consumers are more aware than ever about the privacy and protection of their digital identities. According to a recent Prosper Insights and Analytics survey, 64% of adults are somewhat or very concerned about the privacy of their personal identity when shopping online. But beyond retailers tracking their online activity, customers are also concerned about the protection of their data following recent upticks in cyberattacks. So, what steps are retailers and other organizations taking to proactively protect their customers' and employees' digital identities?

Prosper - Privacy Online

To gain a better understanding of how and why organizations need to prioritize protecting customers' personal information or risk lost business and reputation, I connected with John Grimm, VP of Strategy and Business Development at Entrust, a global leader in trusted identity, payments and data protection. We spoke about organizations shifting their focus to improve security posture and his predictions for data protection in 2021 and beyond.

Gary Drenik: As organizations mobilized for remote work when pandemic lockdowns hit, new risks to sensitive data were created just as quickly. Can you talk us through how organizations have adjusted their data protection strategies to protect their most critical data?

John Grimm: The pandemic put even more pressure on organizations to scrutinize their security strategies to protect against threats. As increased hacking, like phishing attacks, became regular headline news, organizations quickly realized that keeping their companies secure meant more than improving VPN bandwidth for remote workers. Instead, they needed to focus on ensuring authorized workers have simple but secure ways of accessing sensitive information and that it's protected from bad actors using a proven mechanism like encryption. So, even if a bad actor were to penetrate their network and steal information, it would be useless to them if the encryption keys were well protected.

According to our 2021 Global Encryption Trends Study, for the first time, 50% of organizations reported having an overall encryption strategy applied consistently across their organization and 37% reported at least a limited encryption strategy. This tells us that while deploying encryption strategies can be complex and time-consuming, enterprises recognize that they will benefit from prioritizing encryption solutions, especially when it means increasing trust with customers and decreasing risk to their business.

Drenik: Now that we understand how organizations are increasingly adopting and using encryption, can you share a few examples of how encryption is being used in these organizations today? What are they encrypting?

Grimm: Encryption use cases are plentiful and different organizations choose to use them in different ways. The most mature and common use cases for encryption include internet communications, databases, internal networks, and backups and archives. However, over the last four years, we've seen newer encryption use cases emerge like containers, cloud services, big data repositories, and Internet of Things (IoT) devices and platforms.

When it comes to what these organizations are encrypting, the conversation isn't as straightforward. More than half of organizations believe the main driver for encryption is protection of customers' personal information. However, payment-related data, financial records, intellectual property and employee/HR data are all more regularly encrypted than customer information. So, we're seeing a clear disconnect between perceived threats and the realities of deploying encryption for customer data. This disconnect is likely due to the increased difficulty of protecting customer data in all the different locations and platforms where it's stored and processed. Another surprising finding is that, despite its sensitivity, health-related information is the least likely to be encrypted.

Drenik: Is this enough? What threats and use cases will they need to focus on in 2021 to avoid losing customer trust and brand reputation?

Grimm: Consumer trust is paramount, and it's essential for organizations to identify potential risks before they jeopardize it. According to the study, employee mistakes continue to be the most significant threats to sensitive data, followed by system or process malfunctions, then hackers.

As the world continues to digitally transform, encryption technology and the way enterprises use it is more relevant than ever. While encryption and key management is complex, it is essential for enterprises to thrive amid expanding threats. Careful attention to key protection, and diligent discovery of new locations that sensitive data is finding its way to, are critical to a successful data protection strategy.

Drenik: We saw every industry undergo some form of digital transformation over the last year to maintain relevance and convenience for their customers. Are there any industries that are ahead of the game or falling behind when it comes to data protection?

Grimm: We've found a steady increase in encryption in all industry sectors, except for communications and service organizations. The most significant increases in extensive encryption usage have occurred in manufacturing, hospitality, and consumer products.

However, the financial services industry was the target of constant attacks in 2020, and respondents rated the threat of malicious insiders higher than any other industry. Despite financial institutions deploying encryption, they need to stay agile to prevent serious breaches from jeopardizing customers' information by implementing a follow the data strategy to all locations where that data exists. By going a step further and implementing hardware security modules (HSMs) to protect encryption keys and encryption operations in certified, purpose-built hardware, financial institutions can keep customer data secure.

Drenik: We know that as organizations evolve their security strategies, attackers are evolving their strategies as well. What are the top challenges for organizations as they continue deploying encryption to protect against breaches?

Grimm: We're seeing organizations struggle to protect data in multiple locations, especially as they increasingly transition to the cloud. When deploying encryption to protect data in multiple cloud environments, it's critical to manage the associated encryption keys in accordance with industry best practices. That becomes difficult at scale, particularly given that the average organization today uses eight different products that perform encryption. If organizations fail to implement lifecycle key management, including regular key rotation, they risk creating a vulnerability to sensitive customer information.

The good news is that security teams are starting to meet this challenge with HSMs. Encryption keys can be more effectively managed using HSMs, and our data shows their adoption is growing: two-thirds of respondents named HSMs as paramount to encryption or key management strategies.

Drenik: Let's talk about your predictions for encryption and data protection in 2021 and beyond. How do you anticipate the threat landscape will change? Will organizations employ new tactics to address these changes? Is there anything organizations can do to ensure their information is safe?

Grimm: In 2021, the transition to hybrid work environments will further push organizations to improve security practices and remain vigilant in their efforts to avoid a data breach, as these environments have created new destinations and potential exposures for sensitive data.

In addition to encrypting sensitive data, authentication is a critical safeguard to prevent unauthorized account access. Virtually every data breach can be traced back to compromised user credentials. Hybrid work multiplies this risk, underlining the need for multi-factor authentication that provides an added layer of defense by requiring multiple credentials before employees can access an organization's network.

Drenik: Thanks, John, for weighing in on the state of encryption today and what it means for the safety of customers' trusted digital identities. I look forward to connecting again to see how organizations continue navigating the complexities of data protection.

Encryption can be lucrative, but with environmental costs – Floridanewstimes.com

Lansing, Michigan: Luke Lauterback began mining cryptocurrency because he was cold. Mining cryptocurrencies on his underground computer replaced the space heater.

"At some point, I realized it was like throwing away my electricity and money," Lauterback said. "So, 'Well, my computer gets hot. Why don't you try this cryptocurrency and see if you can make a few dollars trying to replace the space heater?'"

Cryptocurrency mining requires a lot of power, so Lauterback's computer gets hot enough to keep him warm.

According to a report by Digiconomist, a single Bitcoin transaction uses the same amount of power that the average American home consumes in a month, and is responsible for about one million times more carbon emissions than a single Visa transaction.

Cryptocurrencies like Bitcoin are basically digital money, and those who mine it help create it. Mining basically uses a computer to verify cryptocurrency transactions.

Computers perform complex math problems through mining software. Every time the computer solves a math problem correctly and validates a transaction, a small amount of cryptocurrency is created. A percentage of that new currency goes to the miner.

For one husband and father, Lauterback, being a miner was quite beneficial.

"Whenever the computer is idle, it mines for about 23 hours a day," he said. "I've been doing this for about six months and I'm making about $230 a month."

Even if you don't know anything about technology, you can easily get started with crypto mining in just a few minutes, he added.

It's so easy that crypto mining has taken off in recent years. Small investors, backed by their support for billionaires like Elon Musk and currencies like Dogecoin, also promoted the spread of the practice.

A January 2021 survey by New York Investment Group found that an estimated 22% of adults in the United States are investing in Bitcoin. Of these respondents, 83% are considering including Bitcoin in their future financial plans.

So what's the problem? The environmental impact of all the computers mining crypto.

Thomas Holt is the director of the Criminal Justice School at Michigan State University. He studies cryptocurrencies and says that if they continue to grow, their environmental impact can be enormous.

"Mainly because we use so much electricity to produce the mine, the impact can be quite large," he said.

China does most of the world's crypto mining, and most of its electricity depends on coal.

"Therefore, the impact of coal on the environment is part of the problem," Holt said.

Bitcoin is one of the most environmentally friendly currencies, depending on how currency creation works.

"They use the so-called proof of work to validate transactions within the blockchain," Holt said. "That basically means that you have multiple computers, multiple mining systems, all trying to solve math puzzles at the same time. The first one to get it right gets credit on the blockchain."

Some new cryptocurrencies are moving away from the proof of work and using the proof of stake.

The Proof of Stake uses much less energy, but retains a more sustainable future for cryptocurrencies because it is obtained from only one computer that eliminates mining.

Ethereum mined by Rotorback is one of the cryptocurrencies that will switch to the Proof of Stake.

"Ethereum will move to Ethereum 2.0 in the next few years and will stop mining to consume less electricity than it does now," said Roterbach. "What that means to me is that I can no longer mine Ethereum, and this will probably not be profitable within a few years, but it will be eliminated, so it's for the crypto community. That environmental barrier will be positive overall."

The TRG data center in Houston, Texas, investigated which cryptocurrencies were the most environmentally friendly and ranked them by the amount of energy needed to power each transaction.

This story was originally published by Sarah Grimmer at Scripps station WSYM in Lansing, Michigan.

View post:
Encryption can be lucrative, but with environmental costs - Floridanewstimes.com

UK Government has suggested messaging apps to avoid using end-to-end encryption on the accounts of children because that can be harmful to them -…

End-to-end encryption of chats keeps users' confidential data, including their photos, videos, and important chats, from falling into the wrong hands, which is why many messaging applications including WhatsApp, Messenger, and Telegram use it. However, this encryption can also become very dangerous for children and young people, as cases of harassment have been increasing during the pandemic. Criminals take advantage of chat encryption to try to sexually harass children. Therefore, the UK has requested that messaging apps not use end-to-end encryption on children's accounts, so that those accounts can always be kept under supervision and it becomes easier to catch those criminals.

The DCMS has directed social media applications such as Facebook, Twitter, and Instagram, and other messaging platforms, to avoid chat encryption. Last month, the Online security bill was also passed in the UK parliament; it insists that people's content on social media websites should be sheltered from prohibited material, and that it will be the duty of the social platform to take strict action against extreme content and against criminals involved in scams and abuse such as child abuse, romance swindles, and harassment.

The UK Government wants to protect the rights of children at any cost, because the increasing number of child abuse cases has become an alarming situation for all social media platforms. Therefore, platforms should supervise all varieties of content, from extreme to light harm. The UK Government is following its own unreliable concept that safety means replacing protection with extensive shadowing to keep children safe on social platforms. However, this is not the first unrealistic proposal from the government: about two years ago it also suggested that social apps verify the ages of everyone using the platform, but that idea was later considered controversial because it could put users' confidentiality in danger.

Now a single suggestion has been set out in the latest bill: to avoid the use of e2e. However, age verification and all kinds of content-monitoring tools also seem to follow from the recent approach. Social media companies have said that if the strategy is just to keep an eye on users' content, it will simply destroy freedom of expression, all because the UK department is trying to promote the country as the safest place to go online. Heather Burns, policy leader for ORG, has said that the government's strategy for this bill is to put a limit on chats, if not to outlaw e2e outright.

Many of the country's ministers had targeted encryption as the worst idea because it could also protect terrorists. Under the country's new PMs, child-protection rhetoric has risen to the point where messaging apps are urged to avoid encrypting children's chats. Heather Burns, the policy director for ORG, has criticized the idea that this bill will make Britain the safest home online; in fact, it will have adverse consequences, such as numerous companies hesitating to do business in the country. Burns further said that people in the UK should get a VPN to keep their information safe. Sections of the DCMS guidance state in highlighted words that e2e is putting users at risk, and therefore government officials are trying to impose the safety law on the internet. The one thing that could disrupt the most dangerous portions of the recent bill is citizens waking up to the perils it poses to the confidentiality of everyone using social platforms, and enough members of parliament taking action to amend it.

In May, ORG, joined by thirty other human rights groups, called on members of parliament to help keep citizens' information confidential by defending e2e from legislative threats, warning that this simple security practice is at risk from sections of the recent bill that would require businesses to monitor private chats. Open Rights Group has said that companies that want to guard their users' confidentiality through e2e would be considered in breach of the law, which could result in partial shutdowns or arrests in the country.

An appeal has been made in the UK parliament that the e2e process should be promoted as wrongdoing, or that companies trying to secure their users' information should be kept outside the bill's requirements. One minister, Caroline Dinenage, has stated that the government wants to help companies maintain their security standards before the requirements of the internet bill are implemented. This was advice to businesses of all kinds in the country, whether small or giant, to start defending the rights of children from now on.

According to a new update, a government representative has said that this was voluntary guidance for businesses to make their platforms more secure for children, that this can be done with tools such as e2e in a way that is consistent with protecting citizens, and that enterprises should ensure they have sufficient mitigations to protect young people. DCMS has recently acknowledged chat encryption and further said that there is no inconsistency in its stance on the safety of app users, which is indispensable for national development.


Diavol ransomware linked to Trickbot botnet – IT PRO

Security researchers have made a connection between a new strain of ransomware and the cyber criminal gang behind the Trickbot botnet.

Fortinet discovered the ransomware after it was blocked by the company's FortiEDR product on a customer's system. Two files were isolated that were not found on VirusTotal: locker.exe and locker64.dll. The two bits of malware were deployed a day apart.

While locker64.dll appeared to be a Conti (v3) ransomware, locker.exe was entirely different. The second ransomware was dubbed Diavol by researchers.

Researchers said that as part of a rather unique encryption procedure, Diavol operates using user-mode Asynchronous Procedure Calls (APCs) without a symmetric encryption algorithm.

"Usually, ransomware authors aim to complete the encryption operation in the shortest amount of time. Asymmetric encryption algorithms are not the obvious choice as they are significantly slower than symmetric algorithms," said researchers.

The researchers said that as Diavol was deployed in conjunction with the Conti ransomware in this attack, albeit on different machines, they tried to see if there was any correlation between them. They found that command-line parameters used by Diavol are nearly identical to those of Conti and used for the same functionality: log file, encrypt local drives or network shares, and scan specific hosts for network shares.

"In addition, Diavol and Conti both operate similarly with asynchronous I/O operations when queuing the file paths for encryption," said researchers.

The researchers said there might also be a link between Diavol and Egregor ransomware. "Some lines in the ransom note are identical," they said, although this is not reliable as it could simply be a red herring that Diavol's authors planted.

"Some have reported a link between Wizard Spider, the threat actor behind Conti, and Twisted Spider, the threat actor behind Egregor. Allegedly, these gangs cooperate on various operations. They are also both notoriously known for double ransoming their victims (data theft and encryption)," researchers added.

Researchers said the source of the intrusion is unknown. The parameters used by the attackers, along with the errors in the hardcoded configuration, hint at the fact that Diavol is a new tool in the arsenal of its operators which they are not yet fully accustomed to.

"As the attack progressed, we found more Conti payloads named locker.exe in the network, strengthening the possibility the threat actor is indeed Wizard Spider. Despite a few similarities between Diavol, Conti, and other related ransomware, it's still unclear, however, whether there's a direct link between them," the researchers added.


TPM 1.2 vs 2.0: Here’s everything you need to know – WindowsReport.com

by Milan Stanojevic

Deputy Editor

As you probably know, Windows 11 was recently announced, and it brings a wide array of new features as well as some specific requirements.

Regarding Windows 11 hardware requirements, the new change everybody is talking about is the TPM chip, and unless you have it, you won't be able to upgrade to Windows 11 due to TPM 2.0 errors.

There are two versions of TPM, and in this guide, we're going to compare TPM 1.2 vs 2.0 and see which one is better.

TPM was first introduced by Trusted Computing Group in 2009, and since then it has been used in computers, ATM devices, and set-top boxes.

As for TPM 1.2, it was released in 2005, and it received its last revision in 2011. On the other hand, TPM 2.0 was released initially in 2014, while the latest revision is from 2019.

The two versions have various differences, but before we start comparing them, let's see what TPM does and how it protects your PC.

TPM stands for Trusted Platform Module, and it's a dedicated microcontroller that provides encryption features and an additional layer of security to your PC.

TPM is usually a chip on your motherboard, but it can be also integrated inside of the CPU, or it can run in firmware separately. Some motherboards have TPM connectors, so you can add a TPM chip on your own.

There's also a completely virtual TPM that runs on a software level, but many experts believe that it's not as safe as its physical counterpart.

TPM is used mostly for encryption, and it will generate and store parts of the encryption keys. This means that if you want to unlock an encrypted drive, you'll need to use the same TPM chip that generated the encryption key.

Since the encryption key isn't stored on your drive, it's harder for hackers to decrypt your data since they need access to the TPM chip as well.

TPM chips also have tamper protection, and in case the chip or motherboard is tampered with by a hacker, the TPM should still be able to keep your data locked.

In addition to encryption, the TPM can protect your PC from bootloader malware by verifying the boot loader. In case your bootloader has been tampered with, TPM will prevent your system from booting.

TPM also has a Quarantine Mode that you can use to fix bootloader issues. Lastly, TPM stores all your passwords inside it, which makes them secure from hackers.

As for other uses, TPM is used for digital rights management, protection of software licenses, and in some cases, as prevention from cheating in video games.

TPM 2.0 is an improvement over TPM 1.2, and while they are similar, you should know that TPM 2.0 isn't compatible with TPM 1.2.

TPM 1.2 has a one-size-fits-all specification, while the 2.0 version has platform-specific specifications that define which parts of the library are mandatory or optional.

As for algorithms on TPM 1.2, SHA-1 and RSA are required, while the AES is optional. With TPM 2.0, SHA-1 and SHA-256 are required for hashes.

RSA and ECC with Barreto-Naehrig 256-bit curve and a NIST P-256 curve are used for public-key cryptography and asymmetric digital signature generation and verification in TPM 2.0.

As for symmetric digital signature generation, TPM 2.0 uses HMAC, and 128-bit AES for symmetric-key algorithms.

The difference between algorithms is noticeable, which makes TPM 2.0 a far more secure solution.

Regarding the crypto primitives, the TPM 1.2 and 2.0 offer the following:

Despite sharing the same features, TPM 2.0 uses Direct Anonymous Attestation using the Barreto-Naehrig 256-bit curve, so it's safer to use.

In terms of hierarchy, TPM 1.2 has just the storage hierarchy, while TPM 2.0 has a platform, storage, and endorsement hierarchy.

Regarding the root keys, only SRK RSA-2048 is supported with TPM 1.2, while the TPM 2.0 supports multiple keys and algorithms per hierarchy.

As for authorization, TPM 1.2 uses HMAC, PCR, locality, and physical presence. TPM 2.0 offers the same authorization features as well as password protection.

In terms of NVRAM, TPM 1.2 supports only unstructured data, while TPM 2.0 supports unstructured data, Counter, Bitmap, Extend, PIN pass and fail.

As you can see, TPM 2.0 offers a wide array of improvements, and it's a more secure choice when it comes to data protection and encryption.

Here's a quick overview of the algorithms that TPM 1.2 and TPM 2.0 support.

TPM 1.2 only uses the SHA-1 hashing algorithm, which is a problem since SHA-1 isn't secure, and many agencies started moving to SHA-256 in 2014.

Microsoft and Google removed the support for SHA-1 based signing of certificates in 2017. It's also worth mentioning that TPM 2.0 supports newer algorithms that will improve drive signing and key generation performance.
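The boot-loader check and the SHA-1 versus SHA-256 difference described above meet in measured boot: each boot stage is hashed into a Platform Configuration Register (PCR), and a sealed key is released only when the PCR matches the value recorded at seal time. The following is an added example, not code from this article; it is a pure-Python simulation that never talks to a real TPM, and the names `PcrBank`, `measure_boot`, `SealedSecret` and the sample boot chain are assumptions made for illustration.

```python
"""Simulated measured boot: PCR extend in a SHA-1 bank (as on TPM 1.2) and a
SHA-256 bank (available on TPM 2.0). Illustration only; no real TPM is used."""
import hashlib
import hmac

HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}

# Constructed sample boot chain (placeholder byte strings, not real images).
GOOD_CHAIN = [b"firmware-1.0", b"bootloader-1.0", b"kernel-1.0"]
TAMPERED_CHAIN = [b"firmware-1.0", b"bootloader-1.0+implant", b"kernel-1.0"]
DISK_KEY = b"disk-key (constructed)"


class PcrBank:
    """One Platform Configuration Register in a given hash bank."""

    def __init__(self, alg: str):
        self._hash = HASHES[alg]
        # A PCR starts as all zero bytes and can only be changed by extend().
        self.value = bytes(self._hash().digest_size)

    def extend(self, component: bytes) -> bytes:
        # new PCR = H(old PCR || H(component)); a PCR cannot be set directly,
        # so the final value commits to every component and to their order.
        measurement = self._hash(component).digest()
        self.value = self._hash(self.value + measurement).digest()
        return self.value


def measure_boot(alg: str, chain) -> bytes:
    """Extend every boot component into a fresh PCR and return the result."""
    bank = PcrBank(alg)
    for component in chain:
        bank.extend(component)
    return bank.value


class SealedSecret:
    """Toy stand-in for a TPM-sealed disk key bound to one PCR value."""

    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected = expected_pcr

    def unseal(self, current_pcr: bytes) -> bytes:
        # Constant-time comparison; the key is withheld on any mismatch.
        if not hmac.compare_digest(current_pcr, self._expected):
            raise PermissionError("PCR mismatch: boot chain changed, key withheld")
        return self._secret


def demo() -> dict:
    """Seal a key to the clean boot chain, then try a clean and a tampered boot."""
    results = {}
    for alg in HASHES:
        sealed = SealedSecret(DISK_KEY, measure_boot(alg, GOOD_CHAIN))
        clean_ok = sealed.unseal(measure_boot(alg, GOOD_CHAIN)) == DISK_KEY
        try:
            sealed.unseal(measure_boot(alg, TAMPERED_CHAIN))
            tampered_ok = True
        except PermissionError:
            tampered_ok = False
        results[alg] = {
            "pcr_bits": len(measure_boot(alg, GOOD_CHAIN)) * 8,
            "clean_boot_released": clean_ok,
            "tampered_boot_released": tampered_ok,
        }
    return results


if __name__ == "__main__":
    for alg, outcome in demo().items():
        print(alg, outcome)
```

In both banks the modified boot loader changes the final PCR, so the key stays sealed; the practical difference is that the SHA-1 bank's guarantee rests on a 160-bit hash that is no longer considered secure.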

TPM 2.0 also offers a more consistent experience, and the lockout policy is configured by Windows. With TPM 1.2, the implementations vary by policy settings, which can be a security concern.

We also have to mention that certain features such as device encryption, Windows Defender System Guard, Autopilot, and SecureBIO are available only when using TPM 2.0.

Here's a list of features that TPM 1.2 and TPM 2.0 support:

When it was first announced, the Windows 11 hardware requirements stated that Windows 11 will work with TPM 1.2 and TPM 2.0, with the latter being a more secure choice.

According to the documentation, an upgrade to Windows 11 would be allowed with a TPM 1.2 chip, but not advised. However, Microsoft has updated its documentation, and currently, TPM 2.0 stands as the requirement for Windows 11.

This leads us to believe that TPM 2.0 is the requirement for Windows 11 and that users with TPM 1.2 chips won't be able to use Windows 11.

However, there's a way to install Windows 11 without TPM, if you're tech-savvy. On the bright side, it seems that some Windows 11 systems will work without TPM 2.0 chips, which is great news for many.

Although TPM was developed initially for business users, the technology is now available on home PCs as well.

While encrypting your data isn't essential for home users, if you want to ensure that your files are safe at all times, then encrypting your files and using TPM is a must.

Not all encryption requires TPM, but using it offers a layer of hardware security which makes it harder for hackers to access your data.

It offers tampering protection, so you can rest assured that your encrypted files will stay protected against hackers even if they try to modify your hardware.

TPM isn't just used for file encryption, and you're probably using it as a home user without even knowing it. If you're using the Windows Hello feature, you're already using a TPM.

Your passwords and PINs are also stored in TPM, even for home users. Lastly, TPM provides you with a Secure Boot feature that stops bootloaders from infecting your PC.

So even if you're not a business user and you don't encrypt your data, you still benefit from TPM as a home user.

TPM 1.2 and TPM 2.0 have their benefits, and with the recently announced Windows 11 requirements, TPM chips will become a must-have, so if you don't own a TPM chip, you might want to consider buying one.

So which version of the TPM is better? The answer is pretty simple: TPM 2.0 is newer, more secure, offers more security features, and works better with Windows, so we can safely say that TPM 2.0 is a better choice than TPM 1.2.


Application-Level Encryption Market is expected to expand at a CAGR of 25% from 2020 to 2030 KSU | The Sentinel Newspaper – KSU | The Sentinel…

The global application-level encryption market was valued at US$ 718.5 Mn in 2019 and is expected to expand at a CAGR of 25% from 2020 to 2030, reaching US$ 8 Mn by the end of the forecast period.

Application-level encryption solutions help improve data accuracy in encrypted digital form, minimize operational cost, and simplify different data-related operational processes. Thus, the increasing adoption of encryption software to avoid cyber attacks and internal data breaches has led to a rise in demand for application-level encryption solutions.

The Application-Level Encryption Market Report discusses the current state of the industry as well as potential business developments across the globe. The report provides pinpoint analysis for changing competitive dynamics. It offers a forward-looking perspective on different factors driving or limiting market growth. It provides a five-year forecast assessed on the basis of how the Application-Level Encryption Market is predicted to grow. It helps in understanding the key product segments and their future and helps in making informed business decisions by having complete insights of the market. Additionally, with the emergence of the pandemic, the effect of Covid-19 is analyzed within the report.

The report provides detailed competitive intelligence to make users aware of all the recent innovations and developments with respect to their competition. The strategy, key patterns, market developments along with micro and macro details of competitive market landscapes are well curated in the report. The report has added the forecasts, investigation, and discussion of significant industry trends, market volume, market share estimates, and profiles of the leading industry players. The precise figures and statistical representation of the Application-Level Encryption market are provided. In addition, the report comprises an investment feasibility analysis explaining the total technical feasibility of this undertaking and the price structure.

Some well-established players in the Application-Level Encryption market are Baffle, Inc., Blue Star Limited, Chino Srls, Dell, Inc., F5 Networks, Inc., Futurex, IBM Corporation, McAfee LLC, Micro Focus International plc, Microsoft Corporation, nCipher Security, LLC, NetLib Security, Inc.

The global Application-Level Encryption market report looks at the market's main segments and sub-segments, which are divided into product types, applications, and regions. Aside from the devastating economic effects of the Covid-19 outbreak, the study examines the market's dynamics by examining the main output of each segment as well as the segment's possible expansion reach in the coming years. The scope of the market's growth potential, revenue growth, product selection, and pricing factors relevant to the global Application-Level Encryption market in terms of applications are also thoroughly evaluated in the report in order to provide a more holistic image of the market.

Market Segment By Deployment

Market Segment By Enterprise Size

Market Segment By Applications

Market Segment By Region:

Regional analysis, another highly comprehensive part of the research and analysis study of the global Application-Level Encryption market, is presented in the report. This section sheds light on the sales growth of different regional and country-level markets. It provides detailed and accurate country-wise volume analysis and region-wise market size analysis of the global market.

The report focuses on the main regions and the main countries including:

The key questions addressed through this innovative research report:

On the whole, the report proves to be an effective tool that players can use to gain a competitive edge over their competitors and ensure lasting success in the global Application-Level Encryption market. The report provides a comprehensive study of the Application-Level Encryption market to anticipate the imminent expansion of the industry. Examining this Application-Level Encryption report can act as a platform for users who intend to take advantage of each and every opportunity in the industry.

The study's content includes a total of 14 chapters:

Chapter 1 describes Application-Level Encryption product/service scope, market overview, market opportunities, market driving force, and market risks.

Chapter 2 profiles the top manufacturers of Application-Level Encryption market, with product pricing, sales, revenue and global market share of Application-Level Encryption.

Chapter 3 analyses the Application-Level Encryption competitive situation, sales, revenue. The global Application-Level Encryption market shares of top manufacturers are analyzed emphatically by landscape contrast.

Chapter 4 showcases the Application-Level Encryption breakdown data at the regional level, to discuss the sales, revenue, and growth by regions.

Chapters 5, 6, 7, 8, and 9 emphasize the sales data at the country level, with sales, revenue, and market share for key countries in the world.

Chapters 10 and 11 explain the segments by sales under type and application, with market shares and growth rate under each category.

Chapter 12 depicts Application-Level Encryption market forecasts by region, type, and application, with sales and revenue projections, from 2020 to 2030.

Chapters 13 and 14 describe Application-Level Encryption sales channel, distributors, customers, research findings and conclusion, appendix, and other data sources.
