Interview by Adeline Jacob from SmartCities, translation by itrust consulting. There are viruses that attack bodies while there are others that attack computer systems. Neither type will have spared us in 2020, challenging both health and cybersecurity experts. Carlo Harpes, founder and managing director, and Guillaume Schaff and Matthieu Aubigny, Security Consultants at itrust consulting, analyse these current events and present the solutions proposed by the company to best navigate in this cyber-insecurity climate. Has Covid-19 resulted in a more favourable setting for the resurgence of cyber-attacks? Carlo Harpes: We were astonished when, at the beginning of the pandemic, the Luxembourg authorities announced that there had been no measured increase in cyber-attacks. This message went against our perception and our predictions. Finally, in August, Avast stated that the threat had increased by 27% for Luxembourg citizens. Most recently, we also learned that certain pieces of American security software had been breached. Almost at the same time, the world witnessed the longest shutdown of authenticated services from Google, WhatsApp, etc., in the world. We can indeed say that insecurity is increasing. Guillaume Schaff: Studies have shown that phishing attacks increased significantly during the first lockdown (1). Hackers play a lot on human emotions to achieve their goals. The climate of fear in which we lived in March was therefore beneficial to them. Matthieu Aubigny: In addition, there has been stress phenomenon at the telecommunications infrastructure level, and small vulnerabilities have probably become more significant as a result. These failures, however, have had the virtue of increasing the level of resilience of a certain number of tools. In the United States, one attack, in particular, made a lot of noise… Carlo Harpes: The Treasury Department and the National Telecommunications Administration were victims of a cyber-attack orchestrated by expert hackers inventoried APT29 who, according to the FBI, are linked to the Russian government. The attack in question on the Orion management software (network control/surveillance tool) of the American company SolarWinds was indirectly aimed at its clients: in addition to American federal agencies, the malware infiltrated leading companies in the IT world such as Cisco, Intel, Nvidia, Belkin or Microsoft without us knowing its real impact. To this day, it remains an unknown and a risk, because anyone capable of using SolarWind to penetrate Microsoft could also have used Microsoft to infiltrate its customers. These are speculations, but the underlying method, called a supply… Read more »

The ‘Russian attack on US’ by loosly protected update of the security software ‘Orion’ was well explained as ‘universal espionnage attack on the world’, by ‘Bruce Schneier’. Our hint: ‘Basically don’t trust market leader software providers; they are a spying attack vector! Rather use niche products and open source software’.

‘Fostering synergies between our consulting and research activities’ Interview by Martina Cappuccio from Lëtzebuerger Gemengen (LG) with Carlo Harpes (Managing Director), Arash Atashpendar (HoD RDI) and Matthieu Aubigny (Senior IT Security Consultant) from itrust consulting s.à r.l. about the new Research and Development strategy. itrust consulting took advantage of the period of confinement to rethink its Research and Innovation department and review its priorities. With a new manager at its head, the department intends to build a research strategy of its own, independent of the financing of isolated projects. Carlo Harpes, founder and Managing Director of itrust consulting, Matthieu Aubigny, Security Consultant, and Arash Atashpendar, Head of Research, Development and Innovation (RDI), tell us about the company’s flagship research projects. What changes are taking place within itrust consulting? Carlo Harpes: Our company has always put its resources at the service of projects for which it found funding without having its own research strategy. Today, we would like to make a paradigm shift and organise our activities according to the priorities we identify by observing the flaws that exist in our modern infrastructures. We have therefore recruited a new head for the department of Research, Development and Innovation, Arash Atashpendar, in order to build a research strategy of our own. We will try to release funds, mainly from the FNR, to finance our team as a whole and no longer just certain isolated projects. The aim is also to supervise more doctoral students on an ongoing basis, as a university institute would do. At the same time, we strive to promote synergies between our consulting and research activities. Our strength lies in the close cooperation between these two departments. Researchers know that their work will be used in the field by their collaborators in consulting, just as they know that the turnover generated by our consulting activities allows us to invest in research in order to update our tools and skills. Matthieu Aubigny, you have handed over to Arash Atashpendar at the head of the RDI department. What are the reasons for this change? Matthieu Aubigny: This change came at a significant moment when the projects I was leading were coming to an end and others were evolving more in Arash’s area of specialisation, that of quantum cryptography and algorithmics. As for me, I had more and more work to do at the consultancy level, so this transition came about naturally…. Read more »

itrust consulting referenced for an evaluation of progress in quantum cryptography in an IBM Qiskit report on simulation frameworks for quantum key distribution (QKD), August 19, 2020.