Windy Haven Ltd

February 23, 2023 — As part of the Post-Quantum Telco Network Taskforce, GSMA has published, with contributions from members IBM, Vodafone, and others, the Post Quantum Telco Network Impact Assessment: an in-depth analysis of the quantum security threats facing the telecommunications industry and a detailed, step by step list of potential solutions to prepare for these threats.

The report, which debuted ahead of GSMA’s annual Mobile World Congress in Barcelona, maps out a clear path for telco organizations to work across their ecosystems to protect data from cybercriminals acting today to tap into the potential power of future quantum computers. It includes:

A telco-specific assessment of the business risk of quantum cyber threats, including four of the highest impact attack types: store now, decrypt later; code signing and digital signatures; rewriting history; and key management attacks.
Discussion of standardization for hardware and software changes, such as SIM cards, public key infrastructure, digital certificates and CPE devices.
Specific approaches to quantum-safe algorithms and risk assessment frameworks, including code-based, lattice-based, hash-based, multivariate-based, and hybrid approaches.
Timelines of several government plans that have been launched to implement quantum-safe encryption (Australia, Canada, China, France, Germany, Japan, New Zealand, Singapore, South Korea, the UK and the U.S.).
Examples of quantum-safe applications to several telco domains, including devices, 5G networks, SIMs, Operating systems, ERP, infrastructure and the cloud.
According to the report, it is widely considered that by 2032 there will be completion of a large fault-tolerant quantum computer capable of running crypto-analytic algorithms that could threaten current cryptographic approaches.

The advent of such technology requires immediate preparation, as some forms of attack may be retrospective (e.g. “store now, decrypt later”). Motivated bad actors may be harvesting and storing data now in order to decrypt it once certain quantum computing capabilities become available. As stated in the report, such actors may do this to “undermine the security of data with long-lived confidentiality needs, such as corporate IP, state secrets or individual bio-data.”

To learn more about these issues and what can be done today to protect against future quantum attacks, download the Post Quantum Telco Network Impact Assessment.

IBM has spent years building a global team of cryptography experts to develop quantum-safe schemes and preparation plans. Just in the last year, IBM not only contributed to the development of three of the four algorithms chosen in 2022 by the US National Institute of Standards and Technology (NIST) for post-quantum cryptography standardization; the team also deployed the industry’s first quantum-safe system, IBM z16; launched a suite of IBM Quantum Safe services; and was an initial member of the GSMA Post-Quantum Telco Network Taskforce.

ARMONK, N.Y., Feb. 22, 2023 — IBM Security today released its annual X-Force Threat Intelligence Index finding that although ransomware’s share of incidents declined only slightly (4 percentage points) from 2021 to 2022, defenders were more successful detecting and preventing ransomware. Despite this, attackers continued to innovate with the report showing the average time to complete a ransomware attack dropped from 2 months down to less than 4 days.

According to the 2023 report, the deployment of backdoors, which allow remote access to systems, emerged as the top action by attackers last year. About 67% of those backdoor cases related to ransomware attempts, where defenders were able to detect the backdoor before ransomware was deployed. The uptick in backdoor deployments can be partially attributed to their high market value. X-Force observed threat actors selling existing backdoor access for as much as $10,000, compared to stolen credit card data, which can sell for less than $10 today.

“The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain – tempering ransomware’s progression in the short term,” said Charles Henderson, Head of IBM Security X-Force. “But it’s only a matter of time before today’s backdoor problem becomes tomorrow’s ransomware crisis. Attackers always find new ways to evade detection. Good defense is no longer enough. To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy.”

The IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns – pulling from billions of datapoints from network and endpoint devices, incident response engagements and other sources.

Some of the key findings in the 2023 report include:

• Extortion: Threat Actors Go-to Method. The most common impact from cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks. Europe was the most targeted region for this method, representing 44% of extortion cases observed, as threat actors sought to exploit geopolitical tensions.
• Cybercriminals Weaponize Email Conversations. Thread hijacking saw a significant rise in 2022, with attackers using compromised email accounts to reply within ongoing conversations posing as the original participant. X-Force observed the rate of monthly attempts increase by 100% compared to 2021 data.
• Legacy Exploits Still Doing the Job. The proportion of known exploits relative to vulnerabilities declined 10 percentage points from 2018 to 2022, due to the fact that the number of vulnerabilities hit another record high in 2022. The findings indicate that legacy exploits enabled older malware infections such as WannaCry and Conficker to continue to exist and spread.

Extortion Pressure Applied (Unevenly)
Cybercriminals often target the most vulnerable industries, businesses, and regions with extortion schemes, applying high psychological pressure to force victims to pay. Manufacturing was the most extorted industry in 2022, and it was the most attacked industry for the second consecutive year. Manufacturing organizations are an attractive target for extortion, given their extremely low tolerance for down time.

Ransomware is a well-known method of extortion, but threat actors are always exploring new ways to extort victims. One of the latest tactics involves making stolen data more accessible to downstream victims. By bringing customers and business partners into the mix, operators increase pressure on the breached organization. Threat actors will continue experimenting with downstream victim notifications to increase the potential costs and psychological impact of an intrusion – making it critical that businesses have a customized incident response plan that also considers the impact of an attack on downstream victims.

Thread Hijacking on the Rise
Email thread hijacking activity surged last year, with monthly attempts by threat actors doubling compared to 2021 data. Over the year, X-Force found that attackers used this tactic to deliver Emotet, Qakbot, and IcedID, malicious software that often results in ransomware infections.

With phishing being the leading cause of cyberattacks last year, and thread hijacking’s sharp rise, it’s clear that attackers are exploiting the trust placed in email. Businesses should make employees aware of thread hijacking to help reduce the risk of them falling victim.

Mind the Gap: Exploit “R&D” Lagging Vulnerabilities
The ratio of known exploits to vulnerabilities has been declining over the last few years, down 10 percentage points since 2018. Cybercriminals already have access to more than 78,000 known exploits, making it easier to exploit older, unpatched vulnerabilities. Even after 5 years, vulnerabilities leading to WannaCry infections remain a significant threat. X-Force recently reported an 800% increase in WannaCry ransomware traffic within MSS telemetry data since April 2022. The continued use of older exploits highlights the need for organizations to refine and mature vulnerability management programs, including better understanding their attack surface and risk-based prioritization of patches.

Additional findings from the 2023 report include:

• Phishers “Give Up” on Credit Card Data. The number of cybercriminals targeting credit card information in phishing kits dropped 52% in one year, indicating that attackers are prioritizing personally identifiable information such as names, emails, and home addresses, which can be sold for a higher price on the dark web or used to conduct further operations.
• North America Felt Brunt of Energy Attacks. Energy held its spot as the 4th most attacked industry last year, as global forces continue to affect an already tumultuous global energy trade. North American energy organizations accounted for 46% of all energy attacks observed last year, a 25% increase from 2021 levels.
• Asia Tops the Target List. Accounting for nearly one-third of all attacks that X-Force responded to in 2022, Asia saw more cyberattacks than any other region. Manufacturing accounted for nearly half of all cases observed in Asia last year.

ARMONK, N.Y., Feb. 14, 2023 — Job seekers, students, and career changers around the world want to pursue roles related to science, technology, engineering, and mathematics (STEM) across different industries, but say they are not familiar with career options. At the same time, online training and digital credentials are emerging as a recognized pathway to opportunity as respondents plan to seek new jobs in the year ahead.

These were some of the global findings from a new study that IBM unveiled today. The study*, administered by Morning Consult and commissioned by IBM, is based on more than 14,000 interviews of students, people seeking new jobs, and people seeking to change careers, located across 13 countries. Respondents also cited concerns that career options may not be available to them. These findings contrast with market data that employers are investing in the reskilling of their current workforce to keep pace with rapid advances in technology and stay relevant in the modern, digital economy.

“Technology training can have a transformational effect on a person’s life,” said Justina Nixon-Saintil, IBM Chief Impact Officer. “There are many misconceptions about what’s needed to pursue a rewarding and lucrative career in today’s rapidly advancing workplace. This is why we must raise awareness of the breadth of science and technology roles that exist across industries. Together with our IBM SkillsBuild partners, we’re highlighting the many pathways that exist for underrepresented communities to pursue futures in tech.”

To help tackle these misconceptions and bring STEM education closer to historically underrepresented communities in the field, IBM is announcing today 45 new educational partners around the world. These IBM SkillsBuild collaborations across social service, economic development, and vocational organizations, as well as government agencies, and universities, will make free online learning widely available, with clear pathways to employment. Many of these organizations focus on specific communities that are underrepresented in technology and will help skill women, including mothers returning to the workforce, ethnic minorities, low-income individuals, and refugees. [Full list of collaborations below]

Study Shows Misconceptions and Opportunities in Tech and Beyond

The IBM / Morning Consult study revealed perceptions from interviewed students, career changers, and job seekers who are interested in a role in Science, Technology, Engineering, and Mathematics (STEM):

Misconceptions around STEM training: it’s too expensive, learners don’t know where to start, and don’t know enough about digital credentials.

• 61% of respondents think they are not qualified to work in a STEM job because they don’t have the right academic degrees
• 40% of students say the greatest barrier to professional or technical skill development is that they don’t know where to start
• 60% of respondents worry that digital credentials may be costly to obtain
• Being able to continue to work while earning a credential is particularly important to career changers

Learners and workers around the world are planning to make a change, with about 60% of respondents looking for a new job in the next 12 months.

• 61% of students and career changers are actively looking for a new job now or plan to within the next year
• More than 80% of all respondents have plans to build their skills in the next two years
• At least 90% are confident they can develop skills or learn something new from an online program

Awareness of options around different STEM roles across industries is low, and many are concerned these careers won’t pay enough. 

• 50% of respondents are interested in pursuing a STEM-related job
• 64% of career changers are not familiar with STEM jobs
• Many respondents are unsure of which careers are considered to be a STEM job
• 62% of respondents share concerns that they won’t be able to find a STEM job that pays enough to support themselves or their family

Respondents are optimistic that roles in STEM fields across sectors will increase in the future, and that digital credentials are a good way to supplement traditional education and increase career opportunities.

• 66% of all respondents think that STEM jobs across industries will increase over the next decade
• 86% of those respondents who have earned a digital credential agree that it helped them achieve career goals
• 75% of all respondents agree that digital credentials are a good way to supplement traditional education
• Increased career opportunities and qualifications were the top reasons why respondents across the globe said they wanted to earn digital credentials

45 New Collaborations Around the World  
Through a holistic approach to investing in the future of work, IBM is supporting learners and helping tackle their misconceptions about technology and STEM careers. IBM SkillsBuild is bringing free technology training available to learners all over the world, with a focus on underrepresented communities in tech. Online training, like the courses offered by IBM SkillsBuild, is most effective when it is delivered collaboratively with local partners. Community experts enrich course content through project-based learning and connect learners with real career opportunities. To this end, today IBM SkillsBuild is proud to announce 45 new and expanded collaborations around the world:

• Brazil: Inteli; Mastertech
• China: University of Petroleum
• Costa Rica: Asociación Costarricense de Iniciativas de Desarrollo (CINDE)
• Czech Republic: Czechitas
• France:  CY Cergy Paris Université; Social Builder
• India: GSHEC-Goa State Higher Education Council; Gurukul Kangri University-Haridwar; Indira Gandhi Delhi Technical University for Women; ISA – International Solar Alliance; KRIES – Karnataka Residential Educational Institutions Society; KSDC- Karnataka Skill Development Corporation; National Institute of Electronics & Information Technology (NIELIT); OSDA – Odisha Skill Development Authority; RV College of Engineering; Sister Nivedita University-Kolkata; Tamil Nadu Skill Development Corporation
• Indonesia: PT Kinema Systrans
• Japan: Freelance Association Japan FAJ
• Malaysia: EduNxt Global Sdn Bhd University
• New Zealand: Yoobee Colleges Limited
• Qatar: Community College of Qatar
• South Africa: Innovolution Educational Programmes; Nelson Mandela University; Sefako Makgatho University of Health Sciences;  WeThinkCode_, YiEDI
• Sweden: New to Sweden, Young Scientists
• Taiwan: Gap of Learning & Field (GOLF)
• United Arab Emirates: Abu Dhabi University; University of Wollongong in Dubai; Zayed University
• United States: CompTIA; Digital Promise; Franklin Apprenticeships; HDG University;  ITExperience; Junior Achievement of Arizona; Mom Relaunch; RISE — The Mom Project; The Wond’ry at Vanderbilt University; Transition Overwatch; University of the Cumberlands

Through collaborations like these, IBM continues to progress towards its commitment to skill 30 million people globally by 2030.

*Methodology: This study was conducted by Morning Consult on behalf of IBM from November 2 – December 20, 2022. The study was conducted among a sample of 4,926 Students, 4,629 Job Seekers, and 4,628 Career Changers in 13 countries (Brazil, Canada, Egypt, France, Germany, India, Japan, Mexico, Singapore, Spain, UAE, UK, and the US).

YORKTOWN HEIGHTS, N.Y., Feb. 1, 2023 — IBM  and NASA’s Marshall Space Flight Center today announce a collaboration to use IBM’s artificial intelligence (AI) technology to discover new insights in NASA’s massive trove of Earth and geospatial science data. The joint work will apply AI foundation model technology to NASA’s Earth-observing satellite data for the first time.

Foundation models are types of AI models that are trained on a broad set of unlabeled data, can be used for different tasks, and can apply information about one situation to another. These models have rapidly advanced the field of natural language processing (NLP) technology over the last five years, and IBM is pioneering applications of foundation models beyond language.

Earth observations that allow scientists to study and monitor our planet are being gathered at unprecedented rates and volume. New and innovative approaches are required to extract knowledge from these vast data resources. The goal of this work is to provide an easier way for researchers to analyze and draw insights from these large datasets. IBM’s foundation model technology has the potential to speed up the discovery and analysis of these data in order to quickly advance the scientific understanding of Earth and response to climate-related issues.

IBM and NASA plan to develop several new technologies to extract insights from Earth observations. One project will train an IBM geospatial intelligence foundation model on NASA’s Harmonized Landsat Sentinel-2 (HLS) dataset, a record of land cover and land use changes captured by Earth-orbiting satellites. By analyzing petabytes of satellite data to identify changes in the geographic footprint of phenomena such as natural disasters, cyclical crop yields, and wildlife habitats, this foundation model technology will help researchers provide critical analysis of our planet’s environmental systems.

Another output from this collaboration is expected to be an easily searchable corpus of Earth science literature. IBM has developed an NLP model trained on nearly 300,000 Earth science journal articles to organize the literature and make it easier to discover new knowledge. Containing one of the largest AI workloads trained on Red Hat’s OpenShift software to date, the fully trained model uses PrimeQA, IBM’s open-source multilingual question-answering system. Beyond providing a resource to researchers, the new language model for Earth science could be infused into NASA’s scientific data management and stewardship processes.

“The beauty of foundation models is they can potentially be used for many downstream applications,” said Rahul Ramachandran, senior research scientist at NASA’s Marshall Space Flight Center in Huntsville, Alabama. “Building these foundation models cannot be tackled by small teams,” he added. “You need teams across different organizations to bring their different perspectives, resources, and skill sets.”

“Foundation models have proven successful in natural language processing, and it’s time to expand that to new domains and modalities important for business and society,” said Raghu Ganti, principal researcher at IBM. “Applying foundation models to geospatial, event-sequence, time-series, and other non-language factors within Earth science data could make enormously valuable insights and information suddenly available to a much wider group of researchers, businesses, and citizens. Ultimately, it could facilitate a larger number of people working on some of our most pressing climate issues.”

Other potential IBM-NASA joint projects in this agreement include constructing a foundation model for weather and climate prediction using MERRA-2, a dataset of atmospheric observations. This collaboration is part of NASA’s Open-Source Science Initiative, a commitment to building an inclusive, transparent, and collaborative open science community over the next decade.

Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.