Pay2Key Ransomware Joins the Threat Landscape – Security Boulevard

As we approach the end of a year that has been trying for so many reasons, yet another ransomware has been seen in the wild targeting corporations, in particular Israeli companies. A report published by Check Point Software describes the new ransomware, which is called Pay2Key after the heading of its ransom note, although at one point its developer seems to have wanted to call it Cobalt (not to be confused with Cobalt Strike, a tool used by hackers to check for penetration vulnerabilities).

Pay2Key can be considered a new and unique ransomware variant given that, based on initial analysis, it was built from the ground up with no obvious links to other ransomware families. The ransomware is written in C++ and the encryption process is robust, with no discovered errors that could help researchers develop an encryption key. Other notable features include the now-infamous double extortion tactic and ransom demands that are relatively low compared with other ransomware families: $110,000 to $140,000 USD in Bitcoin. Further, the attacker compromises the target network some time before encryption occurs, so that when the attacker does decide to deploy the ransomware they can spread the malware rapidly across the network, completing the encryption process in an hour.

Given the relative youth of the ransomware, the exact infection chain is yet to be mapped out completely. Researchers believe that access to the network is achieved manually by the attacker via a vulnerable RDP port, a favorite tactic for ransomware operators. Once the network is compromised, the attacker copies several files over to the compromised machine including Cobalt.Client.exe, the Pay2Key ransomware and important configuration files.

The configuration files deserve special mention as they contain only two entries, Server and Port. Unlike with many other ransomware strains, the Server entry does not point to a command-and-control server; rather, it holds the IP address of the infected machine. This approach has both advantages and disadvantages: It allows multiple machines to communicate with the infected machine, as internal communications will be allowed; however, the address of the command-and-control server would be difficult for researchers to trace, as it wouldn't be revealed via the entries, as has been seen in the past.

According to researchers, the ransomware relies heavily on object-orientated programming methodologies that emphasize organizing code around data structures rather than functions and logic. The code features well-constructed classes and uses several third-party libraries, including the popular library Boost. The code makes extensive use of log files, which have helped efforts to analyze the ransomware greatly; however, newer versions are making sure to delete log files to make further analysis far more difficult.

Files encrypted by Pay2Key ransomware:

The main class of the program, Cobalt::DataProcessing::RansomwareEngine, is responsible for most of the key features of the malware including communication, message handling, managing files and encryption. Another interesting note on the code is that Pay2Key will generate a pair of RSA keys and send the public key to the server over TCP. These keys are used to set up communication between the server and infected machine so messages can be received and the ransomware can enact them.

The ransom note can be customized to include the victim's name and different ASCII art depending on the victim. Researchers also noted that the extension added to encrypted files is .pay2key; however, the code is robust enough for this to be changed to anything the attacker wants in the future.

Ransom demanding message:

During the period when the ransomware was analyzed, researchers noted that multiple versions had been developed, each showing slight improvements over previous versions. The most notable improvement was a housekeeping feature capable of deleting files added by the attacker and restarting the targeted machine.
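The indicators the article names (the Cobalt.Client.exe file name and the .pay2key extension) can be turned into a simple detection over file-system telemetry. The following is an added example, not code from the article or from Check Point: the event format, host names, sample events and thresholds are constructed assumptions, and because the article notes the extension can be changed, the detector also flags a burst of renames that append any single new extension.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

DROPPED_BINARY = "cobalt.client.exe"   # file name given in the article
KNOWN_SUFFIX = ".pay2key"              # extension given in the article
BURST_THRESHOLD = 5                    # assumed tuning value
BURST_WINDOW = timedelta(minutes=10)   # assumed tuning value

# Constructed sample events: timestamp|host|action|path|new_path
SAMPLE_EVENTS = r"""
2020-11-10T01:58:12|WS-042|create|C:\Windows\Temp\Cobalt.Client.exe|
2020-11-10T02:03:40|WS-042|rename|C:\Users\dana\notes.txt|C:\Users\dana\notes.txt.bak
2020-11-10T02:14:05|FS01|rename|D:\Shares\hr\a.docx|D:\Shares\hr\a.docx.pay2key
2020-11-10T02:14:06|FS01|rename|D:\Shares\hr\b.xlsx|D:\Shares\hr\b.xlsx.pay2key
2020-11-10T02:14:07|FS01|rename|D:\Shares\hr\c.pdf|D:\Shares\hr\c.pdf.pay2key
2020-11-10T02:14:08|FS01|rename|D:\Shares\hr\d.pptx|D:\Shares\hr\d.pptx.pay2key
2020-11-10T02:14:09|FS01|rename|D:\Shares\hr\e.txt|D:\Shares\hr\e.txt.pay2key
2020-11-10T02:20:01|FS02|rename|E:\Data\q1.csv|E:\Data\q1.csv.locked9
2020-11-10T02:20:02|FS02|rename|E:\Data\q2.csv|E:\Data\q2.csv.locked9
2020-11-10T02:20:03|FS02|rename|E:\Data\q3.csv|E:\Data\q3.csv.locked9
2020-11-10T02:20:04|FS02|rename|E:\Data\q4.csv|E:\Data\q4.csv.locked9
2020-11-10T02:20:05|FS02|rename|E:\Data\q5.csv|E:\Data\q5.csv.locked9
2020-11-10T03:00:00|FS03|rename|F:\Logs\app1.log|F:\Logs\app1.log.old
2020-11-10T06:00:00|FS03|rename|F:\Logs\app2.log|F:\Logs\app2.log.old
2020-11-10T09:00:00|FS03|rename|F:\Logs\app3.log|F:\Logs\app3.log.old
2020-11-10T12:00:00|FS03|rename|F:\Logs\app4.log|F:\Logs\app4.log.old
2020-11-10T15:00:00|FS03|rename|F:\Logs\app5.log|F:\Logs\app5.log.old
"""


def parse_events(text):
    """Parse the pipe-delimited sample format into a list of dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, host, action, path, new_path = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "action": action,
            "path": PureWindowsPath(path),
            "new_path": PureWindowsPath(new_path) if new_path else None,
        })
    return events


def appended_suffix(old, new):
    """Return the extension appended by a rename (old name kept), else None."""
    if new is None or old.parent != new.parent:
        return None
    old_name, new_name = old.name.lower(), new.name.lower()
    if new_name.startswith(old_name + ".") and len(new_name) > len(old_name) + 1:
        return new_name[len(old_name):]
    return None


def detect(events):
    """Return alerts: dropped binary by name, and rename bursts per host."""
    alerts = []
    renames = defaultdict(list)  # (host, appended suffix) -> timestamps
    for ev in events:
        if ev["action"] == "create" and ev["path"].name.lower() == DROPPED_BINARY:
            alerts.append(("dropped_binary", ev["host"], str(ev["path"])))
        elif ev["action"] == "rename":
            suffix = appended_suffix(ev["path"], ev["new_path"])
            if suffix:
                renames[(ev["host"], suffix)].append(ev["ts"])
    for (host, suffix), stamps in sorted(renames.items()):
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window so it never spans more than BURST_WINDOW.
            while ts - stamps[start] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                kind = ("pay2key_extension_burst" if suffix == KNOWN_SUFFIX
                        else "unknown_extension_burst")
                alerts.append((kind, host, suffix))
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The slow log rotation on FS03 and the single .bak rename stay below the threshold, so only the dropped binary and the two rename bursts are reported.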

Over the years, the industry standard for ransomware encryption has been to apply a hybrid of asymmetric and symmetric encryption algorithms, typically AES and RSA. Pay2Key has adopted this standard but has included a few quirks to make it worthy of a special mention. As the command-and-control server supplies the RSA key, it can be safely assumed that the ransomware is not capable of offline encryption. The malware's developer has also opted not to include cryptographic primitives that are used to contact the victim.

The quirk in the encryption process is the use of the RC4 algorithm for some of the encryption process. RC4 is easier to implement but the cipher is easier to misuse, which could cause the encryption process to fail. To implement the cipher, the developers used a third-party implementation via Windows API; this tactic is odd in the sense that with all the choices now available to malware authors, including incredibly powerful symmetric ciphers, RC4 with its known liabilities seems counterintuitive. This would be more of an issue if the researchers could find an error in its use, but none could be found. The encryption process is solid and it is unlikely a decryptor can be developed from failure in the encryption process.

About a week after it released its initial analysis, Check Point published a follow-up analysis. This time the focus was less on the ransomware's code and more on who the possible threat actor behind Pay2Key's distribution is. This information comes about as a silver lining to the fact that some of the victims ended up paying the ransom: because victims paid, cryptocurrency specialists were able to trace the wallets to which the ransom was going and the services that were used to handle the Bitcoin paid by victims. While the vast majority of victims were Israeli organizations, at least one is based in Europe.

When Pay2Key initially was analyzed, the ransom notes said the attacker had stolen data from the victim and would release the information if the ransom was not paid. This forms the heart of the double extortion tactic: stealing data and then releasing it if no ransom is paid. However, during the initial analysis, there was no evidence that Pay2Key had indeed stolen data from victims. Typically, other ransomware operators set up websites on the dark web that act as a blog and information-leak site. Often the attacker will announce a victim and provide a small bit of data stolen to prove they had done what they claim.

At the time of the initial analysis, no such website appeared to be in place. That soon changed. By the time the second report was published, the attackers had started a website and leaked the data of three Israeli organizations, including sensitive data such as information pertaining to domain, servers and backups. Of the three, one was a law firm and another a game development company. Data from the law firm was released as soon as the deadline to pay the ransom was hit. The game developer apparently was given an extension, but to prove they had stolen data the attacker released information pertaining to the victim's NAS servers and then released a supposed finance-related folder. In both cases, the attackers alleged to have hundreds of gigabytes of data.

At the time the second report was released, four victims had paid the ransom, giving researchers an opportunity to trace the movement of the funds, which hopefully will help prove the identities of those behind Pay2Key beyond a doubt in the near future. Once the victims paid the ransom to the wallet address mentioned in the note, attackers would then move the funds to another intermediary wallet. This wallet has been used for several victims as a stop before the funds are sent to the final wallet. This final stop is a high-activity cluster, which suggests it was owned by a financial institution or exchange.

This assumption was proved correct. When the final wallet's address was analyzed and tracked, researchers found it belonged to an Iranian cryptocurrency exchange. The exchange was set up to provide secure cryptocurrency exchange services to Iranian citizens. To use the exchange's services, the user must have a valid Iranian contact number and ID number, and to actively trade cryptocurrencies, the exchange needs a copy of the ID. This does point strongly to the attacker being Iranian; however, Iranian money mules possibly are being used to launder the funds once they reach the exchange. Here again, however, there is a strong possibility the threat actor is Iranian.

Another trend has emerged that points to the threat actors behind Pay2Key being Iranian: Iranian-led ransomware attacks targeting Israeli organizations have been noted by other security firms. In September, several campaigns were seen that were attributed to an Iranian APT group MuddyWater, known for exploiting the ZeroLogon flaw. During the campaign, researchers noted that the attackers attempted to install PowGoop, a malicious replacement for a Google update dll that has been used as a loader for the Thanos ransomware. Further, it is believed that the use of Thanos is a smokescreen to deploy more destructive malware such as wipers, a signature tactic used by several Iranian APT groups. The entire campaign has been codenamed Operation Quicksand and has received a fair amount of media attention.

The use of Thanos in such a way is reminiscent of the NotPetya attacks of 2017, in which ransomware was used as a smokescreen to cause disruption among those deemed state enemies by Russian authorities. In particular, the deployment of NotPetya was intended to cause significant disruption to the Ukrainian financial sector.

There are currently no indications that those behind Pay2Key are state-sponsored. Further, given how the attackers have been willing to use exchanges to launder the funds extorted from victims and the fact that Pay2Key doesn't include any destructive features other than the ransomware, the attacker is likely financially motivated. It is not unheard of for state-sponsored groups to pursue financial aims (the Lazarus Group is seen to be behind VHD ransomware distribution), but currently more evidence is needed that points to a state-sponsored group behind Pay2Key.


Encryption Software Market to Witness Astonishing Growth by 2027 | Dell, Eset, Gemalto and more – Cheshire Media

The Global Encryption Software Market will be analyzed on the basis of key market vendors, their product benchmarking, SWOT analysis, and company financial data such as annual revenue, research and development expenses, and net income, and their geographical presence. The key vendors in the Global Encryption Software Market include Dell, Eset, Gemalto, IBM, McAfee, Microsoft, Pkware, Sophos, Symantec, Thales E-Security, Trend Micro, Cryptomathic, Stormshield. These vendors are actively involved in organic and inorganic strategies to increase their market share and expand their geographical presence. Organic growth strategies include product launches, geographical expansion, R&D expenses, and organization restructuring. Inorganic growth strategies include merger & acquisition, partnership, and strategic collaboration.


North America accounted for the largest share in the Encryption Software market in 2020 owing to the increasing collaboration activities by key players over the forecast period.

The Encryption Software market report shows the competitive scenario of the major market players dependent on the sales income, client requests, organization profile, the business tactics utilized in market which will help the emerging market segments in making vital business decisions. This study also covers company profiling, specifications and product picture, market share and contact information of various regional, international and local vendors of Global Encryption Software Market.

Detailed Segmentation:

Global Encryption Software Market, By Product Type: On-premises, Cloud.

Global Encryption Software Market, By End User: Disk encryption, File/folder encryption, Database encryption, Communication encryption, Cloud encryption.

Encryption Software Market section by Region:

Geographically, North America and other developed nations such as the U.K., Germany, France and Italy, among others, constitute the largest market for this sector in terms of production, consumption and worldwide exports. Developing nations such as Brazil, India, Thailand, Korea, South Africa and China, among others, are presenting huge market opportunities for global manufacturers. Thus the entire global market can be broadly classified into regions such as North America, Europe, Asia Pacific and the Rest of the world.

The Encryption Software Market report covers important knowledge that makes the analysis document a handy resource for managers, business executives and other key people, giving them a ready-to-access and self-analyzed study along with graphs and tables to help them understand market trends, drivers and market challenges.


It gives information on examples and upgrades, and target business parts and materials, cut-off points and progressions. This report contains a section on the worldwide market and all its related organizations with their profiles, which gives important information relating to their viewpoint regarding accounts, product portfolios, investment plans, and marketing and business methodologies.

Encryption Software Report Objectives:

Analysing the size of the global Encryption Software market on the basis of value and volume. Accurately calculating the market shares, consumption, and other vital factors of different segments of the global Encryption Software market. Exploring the key dynamics of the global Encryption Software market. Highlighting important trends of the global Encryption Software market in terms of production, revenue, and sales. Deeply profiling top players of the global Encryption Software market and showing how they compete in the industry. Studying manufacturing processes and costs, product pricing, and various trends related to them. Showing the performance of different regions and countries in the global Encryption Software market. Forecasting the market size and share of all segments, regions, and the global Encryption Software market.

Market competition is steadily intensifying with the rise in scientific innovation and M&A activities in the industry. Additionally, many local and regional vendors are offering specific application products for varied end-users. New vendors entering the market are finding it hard to compete with the international vendors on reliability, quality and technological modernity.

This study by Stats and Reports is an all-encompassing framework of the dynamics of the market. It mainly comprises critical assessment of consumers' or customers' journeys, current and emerging avenues, and a strategic framework to enable CXOs to take effective decisions.

Our key underpinning is the 4-Quadrant Framework EIRS that offers detailed visualization of four elements:

Customer Experience Maps. Insights and Tools based on data-driven research. Actionable Results to meet all the business priorities. Strategic Frameworks to boost the growth journey.

About Us

Stats and Reports is a global market research and consulting service provider specialized in offering a wide range of business solutions to its clients, including market research reports, primary and secondary research, demand forecasting services, focus group analysis and other services. We understand how important data is in today's competitive environment and thus, we have collaborated with the industry's leading research providers, who work continuously to meet the ever-growing demand for market research reports throughout the year.

The tech and security backends that keep your data safe – Business Matters

But different parts of your IT operation will require different approaches to security.

Backend security is a major priority across all business sectors. You can think of the backend as a repository for all of the software, technology and information that enables your presence on the internet and allows your mobile applications to run smoothly. For larger organisations, the backend will contain a wide range of information, including planning, marketing details, payment data and inventory data. As you can see, the backend data can be highly sensitive and if your security is breached, it can have dire legal and financial consequences.

The backend of a business also typically uses a different sort of software and technology. While the frontend, which is focused on customer interface, employs tools such as HTML or CSS, the backend is associated with server technology. This could entail software such as PHP, NodeJS, Ruby, C or Java. Keeping this part of your operation secure involves protecting your databases, securing access, and effective authentication, and any lapses can put you at risk of cyber-attack.

Of course, strong backend data security is about more than smart technology; it also requires strategic thinking. One key principle is to keep the servers that handle the database and the application on separate physical machines. It can be useful to employ a high-performance server to host a business application, but when it comes to storing customer data, the sensible approach is to opt for an entirely separate database server that provides a high level of data security, including proper access permission and multifactor authentication. These are all aspects found particularly in companies that require payment data and other sensitive details, such as Amazon, eBay or online casinos.

Enforcing strict access control to backend databases is crucial, which is why organisations that store substantial amounts of sensitive data, such as banks or online casinos, employ encryption to protect this information and ensure that access through decryption is only available to legitimate users.

One method of protecting the backend is searching encryption. Like all forms of encryption, it allows business processes to read backend data but without compromising that data or risking exposure. Searching encryption takes the inventive approach of encrypting information and then using specially created queries to challenge the backend database.

A Public Key Encryption Scheme or PEKS depends on the data owner generating a number of trust tokens, which can then be used in a verification process, enabling the server to verify if the chosen keyword is available within the database. The full potential of this method has not yet been explored but it does have considerable potential for boosting security.

With homomorphic encryption, calculations are performed on encrypted information without decrypting it first. There are multiple forms of homomorphic encryption, and each scheme provides a different set of operations on the encrypted data, which makes this a particularly versatile method that offers a number of different use cases.

CryptDB is a security system that offers practical confidentiality to protect against attacks on applications that are backed by SQL databases. The result of research carried out by MIT, it provides a balanced approach, utilising various encryption techniques. This is another promising encryption technology, although it is still being developed and improved.

Another approach to controlling a large backend database is trust compartmentation, which involves offloading critical functions to a smaller service, which runs in a tightly controlled system. The most popular way to do this is to hand the function of managing encryption and the management of keys to a Hardware Security Module, or HSM. Most mainstream business databases can be served by a HSM and many HSMs can be integrated into an open source system. Alternatively, some organisations rely on running their database in a secure environment backed by traditional security measures, including Host IDS and Mandatory Access Control, using such technology as SELinux.

The fast-evolving threat of cybercrime requires an equally inventive and dynamic approach from security experts to come up with effective ways to protect an organisation's backend. This fight to secure your important and sensitive data will always require vigilance, and every business owner and IT head should ensure that they are fully acquainted with all of the latest developments in backend security, for the benefit of their organisations and their customers.

Encryption Software Market Expected to Boost the Global Industry Growth in the Near Future – Cheshire Media

The Global Encryption Software Market Report from AMA Research provides deep analysis of market characteristics, sizing, estimates and growth by segmentation, regional and country breakdowns, along with the competitive landscape, players' market shares, and strategies that are key in the market. The exploration provides a 360-degree view and insights, highlighting major outcomes of the industry. These insights help business decision-makers to formulate better business plans and make informed decisions to improve profitability. In addition, the study helps venture or private players to understand the companies in more detail and make better informed decisions.

Major Players in This Report Include,

IBM (United States), Microsoft (United States), Symantec (United States), Thales e-Security (France), Trend Micro (Japan), Sophos (United Kingdom), Check Point (Israel), Micro Focus (United Kingdom), McAfee (United States) and Dell (United States)


Definition

Encryption software is a cryptographic program that prevents unauthorized access to digital data. Cryptography is used primarily to protect digital information. This digital information is sent over the Internet to other computers. Portable document format is one of the world's most widely used file formats, and to maintain the privacy of records, this file format supports the encryption of files. Portable document format encryption is an important desktop tool that allows the user to change the security of existing Acrobat portable document format files by password. This ensures that with 128-bit encryption users can secure portable document format files, and users can also easily remove existing password protection.

The Global Encryption Software Market Report offers a detailed overview of this market and discusses the dominant factors affecting the growth of the market. The impact of Porter's five forces on the market over the next few years is discussed at length in this study. We will also forecast global market size and market outlook over the next few years.

Types of Products, Applications and Global Encryption Software Market Report Geographical Scope taken as the Main Parameter for Market Analysis. This Research Report Conducts an assessment of the industry chain supporting this market. It also provides accurate information on various aspects of this market, such as production capacity, available production capacity utilization, industrial policies affecting the manufacturing chain and market growth.


In this research study, the prime factors that are impelling the growth of the Global Encryption Software market report have been studied thoroughly in a bid to estimate the overall value and the size of this market by the end of the forecast period. The impact of the driving forces, limitations, challenges, and opportunities has been examined extensively. The key trends that manage the interest of the customers have also been interpreted accurately for the benefit of the readers.

The Encryption Software market study is classified by Type, Applications and major geographies with a country-level break-up that includes South America (Brazil, Argentina, Rest of South America), Asia Pacific (China, Japan, India, South Korea, Taiwan, Australia, Rest of Asia-Pacific), Europe (Germany, France, Italy, United Kingdom, Netherlands, Rest of Europe), MEA (Middle East, Africa), North America (United States, Canada, Mexico).

The report concludes with in-depth details on the business operations and financial structure of leading vendors in the Global Encryption Software market report, Overview of Key trends in the past and present are in reports that are reported to be beneficial for companies looking for venture businesses in this market. Information about the various marketing channels and well-known distributors in this market was also provided here. This study serves as a rich guide for established players and new players in this market.


Current Scenario Analysis for Decision Framework

Key Strategic Developments in Encryption Software Market:

The research includes the key strategic activities such as Research & Development (R&D) initiatives, Merger & Acquisition (M&A) completed, agreements, new launches, collaborations, partnerships & (JV) Joint ventures, and regional growth of the key competitors operating in the market at global and regional scale to overcome current slowdown due to COVID-19.

Key Market Features in Global Encryption Software Market

The report highlights Encryption Software market features, including revenue size, weighted average regional price, capacity utilization rate, production rate, gross margins, consumption, import & export, demand & supply, cost bench-marking in Encryption Software market share and annualized growth rate (Y-o-Y) and Periodic CAGR.

Extracts from Table of Contents

Global Encryption Software Market Research Report

Chapter 1 Global Encryption Software Market Overview

Chapter 2 Global Economic Impact on Industry

Chapter 3 Global Market Competition by Manufacturers

Chapter 4 Global Revenue (Value, Volume*) by Region

Chapter 5 Global Supplies (Production), Consumption, Export, Import by Regions

Chapter 6 Global Revenue (Value, Volume*), Price* Trend by Type

Chapter 7 Global Market Analysis by Application

.continued

This report also analyzes the regulatory framework of the Global Markets Encryption Software Market Report to inform stakeholders about the various norms, regulations, this can have an impact. It also collects in-depth information from the detailed primary and secondary research techniques analyzed using the most efficient analysis tools. Based on the statistics gained from this systematic study, market research provides estimates for market participants and readers.


Data Protection | The Pros and Cons of End-to-End Encryption – DIGIT.FYI

Even before the pandemic, digital communication was the norm, via phone, text, email, and a plethora of messaging services. Now, with the pandemic transforming how we work, digital communication has cemented its position in workplaces globally.

Platforms such as Zoom, Microsoft Teams or Google Meet have become commonplace while more mature platforms like Whatsapp and Skype have expanded their user base.

However, in an age of data privacy, digital communication channels present a security risk. Every time a message is sent it could be seen by people other than the recipient. These range from criminals and malicious elements to governments and the companies that provide the services.

As such, end-to-end encryption (E2EE) has become a major selling point for messaging services to guarantee security and protection. However, its use has its controversies: governments have pushed back against it amid claims it prevents legal authorities gathering evidence.

In fact, Austrian TV network ORF recently revealed a draft EU resolution aimed at limiting the use of E2EE.

"Encryption is a necessary means of protecting fundamental rights and the digital security of governments, industry and society. At the same time, the European Union needs to ensure the ability of competent authorities in the area of security and criminal justice, e.g. law enforcement and judicial authorities, to exercise their lawful powers, both online and offline," the draft said.

Given that the EU has one of the world's most privacy-friendly regimes, the move against E2EE is a significant development. Furthermore, the use and advocacy of E2EE by tech giants is part of a larger conflict between the companies and authorities across the West.

End-to-end encryption is a method to ensure that any digital communications remain between the sender and the recipient: no third parties can read them, including the server that facilitates the transmission.

Data is encrypted at the point of origin and decrypted at the end point, and only those two parties have the keys to do so. Anyone able to intercept the message would receive only encrypted data, and at present there is no reliable way to guess or decrypt the information without the key.

E2EE does have limitations, however. It does not hide message metadata, such as the time the message was sent and who it was sent to.

It also only protects the message in transit; once the message reaches its endpoint, it is still vulnerable to attack and needs to be covered by other security measures.

Whatsapp introduced E2EE in 2016 while Facebook Messenger offers it as a separate service, with plans to roll it out as standard.

Google recently began testing end-to-end encryption on its Messages service across one-to-one conversations. Similarly, Zoom began technical previews of E2EE in October, with feedback determining whether it will expand its use.

Perhaps ironically, the cases both for and against end-to-end encryption focus on crime. As a secure form of encryption, E2EE stops messages from being intercepted mid-transit. And although other encryption methods may prevent cybercriminals from eavesdropping on messages, what E2EE offers exclusively is keeping the service providers from accessing the messages.

This protects the sender and recipient from criminals who have managed to access the server's systems, or potentially from rogue actors within the organisation itself.

It also guards against legitimate, if unwanted, use by organisations, such as the storage and analysis of personal data for commercial purposes.

For companies that deal with confidential and sensitive information such as health data, for example, having verifiable privacy credentials is vital. Using messaging services with E2EE helps ensure the integrity of the data.

That said, every company uses and produces sensitive information: financial data, customer data, information about job listings and redundancies. In many cases, there is a legal mandate to ensure that this information remains private.

As such, E2EE has a valid use case in maintaining compliance with data protection legislation. This is especially important in the age of GDPR, when a data breach can potentially put a company out of business.

However, the appeal offered by E2EE means that some companies have been falsely claiming to offer it. Zoom was taken to court in America earlier this year over claims it exaggerated the level of encryption it offers.

Opponents of end-to-end encryption claim that it enables criminal activity, including child abuse and terrorism. It is telling that the recent EU draft proposals come in the wake of a series of terror attacks in France and Austria.

In addition, it was revealed that Facebook is behind the vast majority of reported online child abuse images. The UK's National Crime Agency has warned that if Facebook rolls out E2EE, this could effectively reduce that number to zero, allowing the perpetrators to operate undetected and unhindered.

Despite this, Facebook has not said that it will delay or rethink plans to roll out E2EE.

This takes place against the background of a larger conflict between tech companies that has been playing out across the US and EU. In the US, for example, Apple and the FBI have been involved in a lengthy dispute over whether US courts can compel the company to unlock cell phones to provide evidence.

On a practical level, there are cases where E2EE is undesirable. Weaker forms of encryption that share unencrypted data with the server increase the range of services the platform can offer. This includes storing message history and connecting additional participants using alternative channels into a conversation (useful for group calls).

Ironically, for a protocol designed to prevent cyberattacks, E2EE can actually interfere with cybersecurity operations by making it impossible to detect threats contained in messages, or to analyse them for potential data breaches.

As 2020 draws to a close, hope that 2021 will see an end to the pandemic is growing. However, new ways of working, such as the use of digital technology and flexible conditions, are likely here to stay.

That unfortunately means that the rise in cyberattacks over the pandemic is unlikely to ebb. As such, ensuring adequate data protection will be vital over the next few years, with E2EE providing one of the most secure standards available.

While its future may well be in question, it is undoubtedly wiser to take precautions now than risk a potential breach waiting for the authorities to decide its fate. And although both sides of the argument present compelling arguments, they have been deadlocked for years.

The future of encryption will be a key area of discussion at the upcoming Data Protection Virtual Summit on 10th December.

Hear from leading experts from across the data protection landscape and explore the crucial issues facing frontline practitioners.

Register your free place now at https://www.dataprotection-summit.com/

Read the rest here:
Data Protection | The Pros and Cons of End-to-End Encryption - DIGIT.FYI

Commercial Encryption Software Market Will Generate Record Revenue by 2025 – The Haitian-Caribbean News Network

Commercial Encryption Software Market Report aims to provide an overview of the industry through detailed market segmentation. The report offers thorough information about the overview and scope of the market along with its drivers, restraints and trends. This report is designed to include both qualitative and quantitative aspects of the industry in each region and country participating in the study.

Key players in global Commercial Encryption Software market include:

Dell, Thales E-Security, Eset, IBM, McAfee, Gemalto, Sophos, Microsoft, Symantec, Pkware, Venustech, FEITIAN, Trend Micro, Sangfor Technologies Inc., Stormshield, Zhongfu, Cryptomathic and more.

This study specially analyses the impact of Covid-19 outbreak on the Commercial Encryption Software, covering the supply chain analysis, impact assessment to the Commercial Encryption Software market size growth rate in several scenarios, and the measures to be undertaken by Commercial Encryption Software companies in response to the COVID-19 epidemic.

This report also splits the market by region: Breakdown data in Chapter 4, 5, 6, 7 and 8.

Americas, United States, Canada, Mexico, Brazil, APAC, China, Japan, Korea, Southeast Asia, India, Australia, Europe, Germany, France, UK, Italy, Russia, Middle East & Africa, Egypt, South Africa, Israel, Turkey and GCC Countries.

The scope of this research report extends from the basic outline of the Commercial Encryption Software Market to tricky structures, classifications and applications. This research report also provides a clear picture of the global market by presenting data through effective information graphics. It also provides a detailed list of factors that affect market growth.

A detailed study of the competitive landscape of the Global Commercial Encryption Software Market has been given along with the insights of the companies, financial status, trending developments, mergers & acquisitions and SWOT analysis. This research will give a clear and precise idea about the overall market to the readers to take beneficial decisions.

Commercial Encryption Software Report provides future growth drivers and competitive landscape. This will be beneficial for buyers of the market report to gain a clear view of the important growth and subsequent market strategy. The granular information in the market will help monitor future profitability and make important decisions for growth.

Objective of Studies:

To provide detailed analysis of the market structure along with forecast of the various segments and sub-segments of the global Commercial Encryption Software market.

To provide insights about factors affecting the market growth. To analyse the Commercial Encryption Software market based on various factors: price analysis, supply chain analysis, Porter's five forces analysis etc.

To provide historical and forecast revenue of the market segments and sub-segments with respect to four main geographies and their countries- North America, Europe, Asia, Latin America and Rest of the World.

To provide country level analysis of the market with respect to the current market size and future prospective.

To provide country level analysis of the market for segment by application, product type and sub-segments.

To provide strategic profiling of key players in the market, comprehensively analysing their core competencies, and drawing a competitive landscape for the market.

To track and analyse competitive developments such as joint ventures, strategic alliances, mergers and acquisitions, new product developments, and research and developments in the global Commercial Encryption Software market.

Go here to see the original:
Commercial Encryption Software Market Will Generate Record Revenue by 2025 - The Haitian-Caribbean News Network

Inside the French government's mission to develop an encrypted messaging platform – NS Tech

Recent years have seen a step-change in French government operations. An unprecedented modernisation agenda has created new ways of working for officials and civil servants alike.

As part of a drive for more efficient and effective collaboration, the Interdepartmental Digital Directorate (DINUM) set out in late 2017 to develop a secure messaging service for members of the government to communicate safely.

Mainstream messaging applications, such as Signal, Telegram and WhatsApp, were not deemed suitable for a government-wide messaging solution. These centralised, proprietary apps would keep French government data within their own systems.

"They offer little transparency," says Jérôme Ploquin, project director at the State Digital Directorate, Prime Minister's Services.

"We didn't know about what backdoors might be in place. We couldn't be sure about the quality of the end-to-end encryption, nor audit the solutions. Data would be off our own servers, and probably out of the country. The Patriot Act creates ambiguity, and the providers' business models were not suitable for government use. We saw them as consumer-grade solutions."

DINUM, in partnership with France's National Agency for Information System Security (ANSSI), scoured the world for potential solutions. Ownership and digital sovereignty topped the list of daunting selection criteria. Confidentiality and security were also critical, as was usability for a system that would be used by the country's highest officials and hundreds of thousands of civil servants. For a system that would need to scale across France's entire civil service and eventually its respective ecosystems, it also had to be open, interoperable and support a huge number of users.

Although DINUM wasn't looking for an open source solution specifically, it discovered Matrix, a decentralised communication protocol developed with interoperability and privacy in mind. Element, whose founders also lead the open source Matrix project, helped DINUM deploy the Matrix-based Tchap solution.

Matrix is an open network for secure, decentralised communication. It is the foundation for a completely different approach to real time collaboration.

Being decentralised enables people and organisations to host their own conversations, keeping data within their control (via on-premise hardware, private cloud, or cloud provider) rather than being stored by the service provider. That instantly delivered Tchap's need for ownership and data sovereignty.

An open protocol, Matrix-based systems interoperate seamlessly. That gave Tchap the ability to federate across every organisation within the French public sector. Each organisation can simply be added to the solution, and instantly be able to easily communicate and collaborate with other departments. Scalability and interoperability were clearly addressed by Matrix.

Matrix also supports genuine end-to-end encryption (meaning that messages can only be decrypted by the people participating in the conversation) based on the Double Ratchet Algorithm, open sourced, and subject to cryptographic review by NCC Group. That gave Tchap the assurances it was looking for around security.

Despite Matrix being a relatively new protocol, it was technically advanced and had a large, active open source community. "It was proven, and really quite mature," says Ploquin.

"The flagship client app, Element, was still very new and we decided to use that as a base for our client app across Android, iOS and web," explains Ploquin.

"We wanted to reflect the French government's colours in the user interface and simplify some aspects to tailor it for widespread use across a collection of organisations with potentially over five million people. We also wanted an antivirus to protect against external threats."

Tchap Agent went live in April 2019 and was rolled out across all ministries. By March 2020 Tchap had around 80,000 daily active users, making it one of the world's largest deployments of a collaboration tool, the sheer size of the user base reflecting just how many different organisations the Matrix-based solution was able to support.

Within weeks, the user base doubled to 160,000 as the coronavirus pandemic saw the vast majority of France's civil service switch to home-based working. Tchap scaled easily, and enabled France's public sector to adjust quickly to an unprecedented new normal.

"Tchap is an excellent example of what we describe as universal secure collaboration," explains Element's co-founder and chief operating officer, Amandine Le Pape.

"Universal means that it is open, and therefore easy to federate across different organisations. Any Matrix-based client is instantly interoperable with it, and it can also be bridged into other open protocols like IRC, or into proprietary systems such as Slack.

"It takes a completely different approach to the vast majority of messaging and collaboration: self-hosting data, decentralisation, end-to-end encryption and cross-signing to verify participants as well as supporting the usual protections such as anti-virus.

"And, more than just a messenger, it is a complete collaboration tool that allows secure file sharing, screen sharing and all types of possibilities around integrations and connectivity."

Tchap has enjoyed positive feedback as it has rolled out across the public sector, with over 80 per cent of users saying it has delivered big benefits. "Like any project, particularly for a public one of this size, there have been twists and turns," says Ploquin. "We had teething troubles, a security scare, and the inevitable changes in requirements.

"We also scaled from 80,000 to 160,000 daily active users almost overnight, and have seen people adopt and adapt Tchap in the most delightful of ways. Human beings are at their best when they communicate, and Tchap allows them to do that in new and previously unthinkable ways."

The G7 in Biarritz, for example, in August 2019, was an early demonstration of Tchap being used to manage a high-security event. It is now routine for the emergency services to coordinate through Tchap to ensure more effective working in response situations.

The impact of Tchap bringing together communities of people with shared goals is perhaps the most satisfying thing for Ploquin:

"We're seeing people from a wide range of organisations participate in rooms dedicated to particular topics; from our ambassadors in Africa coordinating their response to the pandemic, to best practice discussions around challenges such as cybercrime. People are proactively sharing their knowledge, helping everyone to improve what they do."

Tchap's rollout continues, with the current focus on the regions, and France's principalities. That will take Tchap's user base to around 300,000 people, although there is little to stop the system being adopted right across France's public sector.

"Although Tchap is already a huge deployment, in many ways we're just getting started. We want to encourage Tchap users to innovate with how they use the platform. From hospitals to education, we imagine enabling all sorts of new uses as people better understand the power and flexibility that Tchap offers."

See original here:
Inside the French government's mission to develop an encrypted messaging platform - NS Tech

Facebook urged to end encryption to help cops stop paedophiles using app – The Sun

FACEBOOK chief Mark Zuckerberg must end the firm's encryption plans to aid cops tracking criminals, campaigners say.

Their demand comes after an online pervert admitted 96 offences against 51 children.

Cops fear he could have gone undetected had the toughened messaging been in place.

Labourer David Wilson, 36, of Ipswich, posed as teenage girls to get boys to send him photos and video of themselves.

He used Facebook Messenger, which is set to be tightened so only a sender and recipient can read or modify a message.

Andy Burrows, the NSPCC's head of child safety online policy, said: "The choice is clear for Mark Zuckerberg.

"Pause end-to-end encryption until he can prove it will not hold back police, or risk letting offenders like Wilson abuse kids unseen."

Cops fear terrorists will also evade capture. Rob Jones, National Crime Agency director of threat leadership, said: "We get tens of thousands of reports every year about paedophiles from Facebook."

He warned encryption will be turning out the lights for policing.

A Facebook spokesman said: "Child exploitation and grooming have no place on our platforms.

"Facebook has led the industry in developing new ways to prevent, detect, and respond to abuse and we will continue to work with law enforcement to combat criminal activity.

"End-to-end encryption is already the leading technology used by many services to keep people safe and we will build on our strong anti-abuse capabilities at WhatsApp when we roll it out on our other messaging services.

"For example, through a combination of advanced technology and user reports, WhatsApp bans around 250,000 accounts each month suspected of sharing child exploitative imagery."

Here is the original post:
Facebook urged to end encryption to help cops stop paedophiles using app - The Sun

EU targets end-to-end encryption tools after rise in terror attacks – DIGIT.FYI

EU ministers say they are making moves to gain access to encrypted data to help protect the world against terrorist attacks.

In a statement released in early November, ministers argued that gaining access to digital information is becoming more important, and that police forces gaining access to this data is essential for preventing and eliminating terrorist action.

The statement comes after EU internal documents on encryption and child sex abuse were released, as well as news of potential issues with end-to-end encryption and child sex images on Facebook.

It was discovered in October this year that Facebook's Messenger app accounts for 94% of millions of child sex abuse images reported by tech companies.

Despite this, Facebook owner Mark Zuckerberg says that the company intends to add end-to-end encryption in the future, which would be designed to improve user privacy across all its platforms.

End-to-end encryption is a tool used by apps such as WhatsApp and Facebook Messenger to provide a greater level of privacy.

When a user sends a message, a unique code is allocated to the message which can only be decoded by the recipient. This stops the messages being intercepted and read by government agencies or hackers.

However, this raises major national security concerns, as the traditional monitoring of criminals cannot be carried out, and EU regulators say this could be allowing terrorists to organise attacks.

In the released statement, the Ministers said: "Access to digital information is becoming ever more crucial, whether it is traffic data or in some cases, content data, and the mobility of this data demands effective cross-border instruments because otherwise terrorist networks will in many cases be a step ahead of the investigating authorities.

"The competent authorities' access to the digital information, that is essential for preventing and eliminating terrorist action, must, with respect for fundamental rights, be ensured and boosted, especially by concluding the current work on cross-border access to electronic evidence and by devising a way forward on data retention for crime-fighting purposes."

End-to-end encryption has been contentious for many years now, especially since the rise of internet usage and online communication apps, and Facebook appears to be a particular target.

As well as the movement of child sex images, in December last year, NSPCC questioned Facebook's adoption of encryption into its services, stating that its plans could create dangerous conditions for children online.

The firm's encryption strategy was also attacked in October 2019 by Home Secretary Priti Patel, who claimed that the decision to encrypt messaging services would restrict law enforcement agencies and put citizens in danger.

Read more from the original source:
EU targets end-to-end encryption tools after rise in terror attacks - DIGIT.FYI

European Legislators Move to Eliminate End-to-End Encryption in Messaging Services Following Terror Attacks – Digital Information World

Part of the reason why people end up trusting messaging services such as WhatsApp in spite of the fact that it is owned by Facebook, a company that isn't well known for caring about things like the privacy of its users, is because of the fact that it has end to end encryption. WhatsApp competitors such as Signal also offer this kind of encryption, and as a result of the fact that this is the case you can rest assured that nobody would ever be able to read the messages that you send since they would be encrypted in a highly untraceable manner.

With all of that having been said and now out of the way, it is important to note that European legislators appear to be trying to work towards getting rid of this encryption, or at the very least making it so that they would have a means of cracking through it if they need to investigate someone or the other. A big part of the reason why that is the case has to do with the fact that the continent has seen a surge in terrorist attacks recently, with eight people having been killed by terrorists in three separate countries in the past couple of months alone.

While it is understandable that a government that is facing a terrorism crisis would want to eliminate any potential channels of communications that would allow terrorists to communicate privately and secretly, at the same time a lot of people are criticizing this as an assault on user privacy. User privacy is the sort of thing that has ended up becoming rather sacred as the internet has become an intrinsic part of our day to day lives, and a government trying to compromise it will never be seen as a good thing.

Some are also criticizing this as an attempt to make it easier for governments to conduct surveillance on whoever they choose, something that a lot of people are wary of since it is a pretty slippery slope that can lead to a lot of terrible situations.

View post:
European Legislators Move to Eliminate End-to-End Encryption in Messaging Services Following Terror Attacks - Digital Information World