Extortion of bitcoins and hacking phones: how the blockchain will fight the popular cyber attacks of 2020


According to analysts, the volume of fraud and theft related to cryptocurrency reached $4.4 billion in 2019. As the high-tech market develops, cybercriminals are shifting their focus from exploiting technical vulnerabilities to exploiting human weaknesses, since such attacks are easier to carry out and do not require special knowledge or skills.

Experts name the use of distributed ledger technology as one of the ways to protect against cyberattacks and reduce cyber risks in 2020.

Writing specially for ForkLog, Mikhail Kondrashin, Technical Director of cybersecurity solutions developer Trend Micro in Russia and the CIS, examines the main types of cyber threats that will be relevant in the new year and the ways blockchain can be applied to prevent them.

Current Threats 2020

Trend Micro research shows that more and more cybercrime forums offer services such as “Malware as a service” or “Extortion as a service”, which let anyone arrange a cyberattack.

The targets of cyberattacks are traditionally financial institutions and their clients. In this respect, cryptocurrency platforms are not fundamentally different: hackers use similar techniques to steal ordinary money and cryptocurrencies.

The threats that will form the cybercrime landscape in 2020 include:

an increase in the number of targeted attacks with the aim of extorting cryptocurrency;

an increase in attacks on smart infrastructure, the Internet of Things (IoT) and the Industrial Internet of Things (IIoT);

a further increase in cyber attacks on mobile devices;

an increase in the number of incidents involving personal data: leaks, modification and criminal use;

the emergence of new attack vectors related to the adoption of the PSD2 / OpenBanking directive: their main targets will be fintech startups, a fair number of which are blockchain platforms, as well as their clients.

Account Theft Protection

Leaks and theft of logins and passwords from various services have consistently been at the top of information security news in recent years. Cybercriminals use social engineering, phishing emails and phishing websites to persuade their victims, under some pretext, to enter their credentials on a “legitimate” resource. To protect against password theft, you can give up passwords entirely by using one of the blockchain platforms available today, for example, Civic or HYPR.

Civic is a digital identity management platform focused on preventing theft of user data and online fraud with personal data.

HYPR is a package of biometric security systems that protects users of mobile and desktop platforms, as well as the Internet of Things. Its decentralized authentication platform allows organizations to work with biometric data without worrying about hacker attacks on a biometric server or a centralized password database.

Protection of personal information

Personal data laws are being tightened around the world. The EU General Data Protection Regulation (GDPR) provides for severe penalties for companies that violate it. In 2018 alone, the total amount of fines exceeded 56 million euros, and in 2019, Marriott International and British Airways received fines of 110.0 million euros and 204.6 million euros, respectively, for personal data leaks.

Using the blockchain to work with personal data allows you to create a system in which every action performed on the data is recorded in the ledger. As a result, uncontrolled use of personal information becomes impossible.

The immutability of the blockchain creates another problem, related to the right to be forgotten. The owner of personal data has the right to request the destruction of information about themselves, and companies will have to solve the problem of removing this information from the ledger.
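One design often discussed for reconciling such a ledger with erasure requests, shown as an added example that is not from the article or from any product it names: the chain stores only a keyed pseudonym of the data subject, and the per-subject salt is kept off-chain where it can be destroyed. The class, its methods and the field names are hypothetical, and whether destroying the salt satisfies a given regulator is outside what the code shows.

```python
import hashlib, hmac, json, secrets

GENESIS = "0" * 64

class PersonalDataLedger:
    """Hash-chained log of actions on personal data (hypothetical design)."""

    def __init__(self):
        self.chain = []   # shared, append-only: holds pseudonyms, never raw identifiers
        self.salts = {}   # off-chain and erasable: one secret salt per data subject

    def _pseudonym(self, subject_id):
        salt = self.salts.setdefault(subject_id, secrets.token_bytes(32))
        return hmac.new(salt, subject_id.encode(), hashlib.sha256).hexdigest()

    @staticmethod
    def _digest(entry):
        fields = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def record(self, subject_id, actor, action):
        prev = self.chain[-1]["hash"] if self.chain else GENESIS
        entry = {"subject": self._pseudonym(subject_id), "actor": actor,
                 "action": action, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.chain.append(entry)

    def verify(self):
        """True only if every entry matches its hash and links to its predecessor."""
        prev = GENESIS
        for entry in self.chain:
            if entry["prev"] != prev or entry["hash"] != self._digest(entry):
                return False
            prev = entry["hash"]
        return True

    def history(self, subject_id):
        if subject_id not in self.salts:
            return []     # salt destroyed: entries can no longer be linked to the person
        p = self._pseudonym(subject_id)
        return [(e["actor"], e["action"]) for e in self.chain if e["subject"] == p]

    def erase(self, subject_id):
        """Erasure request: destroy the salt, leave the chain untouched."""
        self.salts.pop(subject_id, None)
```

After `erase`, the chain still verifies and keeps its length, but the subject's entries can no longer be tied back to the identifier; editing any stored entry makes `verify` return `False`.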

Protection of corporate blockchains and crypto exchanges

Blockchain platforms are attacked in the same way as any cryptographic system: attackers exploit vulnerabilities in systems and use social engineering, playing on human weaknesses. A typical example of such an attack is a phishing email with a malicious attachment that is opened by an employee of a company or crypto exchange. The result is cryptocurrency theft, data leaks and other incidents.

Protection against such attacks comes down, in principle, to implementing a wide range of technical and organizational measures, including the deployment of security solutions from a number of developers, Trend Micro among them. These cover the protection of cloud services, containers and end devices, as well as systems for protection against intrusions and leaks.

As measures specific to blockchain platforms, one can note the mandatory use of multi-signature and of authenticator applications for two-factor authentication.

Neglect of multi-signature smart contracts is cited as the main reason for the hack of the Japanese cryptocurrency exchange Coincheck in 2018, in which more than $500 million in NEM cryptocurrency was stolen.

Experts note that a month before the theft, fraudulent emails containing viruses arrived at the exchange, which contributed to the theft of the key.
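Why multi-signature limits the damage of a single stolen key, as an added example that is not from the article or from any exchange's code: a 2-of-3 approval check in which one phished key cannot authorize a withdrawal on its own. Lamport one-time signatures over SHA-256 stand in for the chain's real signature scheme so that the code needs only the standard library; the holder names, `authorize` and the transaction bytes are assumptions.

```python
import hashlib, secrets

def _h(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair; each private key must sign only one message."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def _bits(msg):
    digest = int.from_bytes(_h(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret of each pair, chosen by the corresponding digest bit.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        _h(s) == pk[i][bit] for i, (bit, s) in enumerate(zip(_bits(msg), sig)))

def authorize(tx, signatures, wallet_keys, threshold):
    """Approve tx only if at least `threshold` distinct key holders signed it.

    signatures: {holder name: signature}; wallet_keys: {holder name: public key}
    """
    valid = {name for name, sig in signatures.items()
             if name in wallet_keys and verify(wallet_keys[name], tx, sig)}
    return len(valid) >= threshold

def demo():
    # Constructed 2-of-3 wallet; holder names and the transaction are made up.
    keys = {name: keygen() for name in ("ops", "finance", "security")}
    wallet = {name: pk for name, (sk, pk) in keys.items()}
    tx = b"withdraw 1000 units to ADDRESS-PLACEHOLDER"
    stolen = {"ops": sign(keys["ops"][0], tx)}        # one phished key
    replayed = dict(stolen, finance=stolen["ops"])    # same signature under a second name
    quorum = dict(stolen, finance=sign(keys["finance"][0], tx))
    return (authorize(tx, stolen, wallet, 2),
            authorize(tx, replayed, wallet, 2),
            authorize(tx, quorum, wallet, 2))
```

`demo()` returns the decision for the stolen key alone, for the same signature replayed under a second holder's name, and for two genuine signers.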

Supply Chain Protection

One dangerous type of attack, business email compromise (BEC), involves an attacker inserting themselves into the chain of interaction between a company and its counterparties in order to steal money or carry out other malicious actions.

Recording all interactions with contractors on the blockchain, or fixing these actions with the help of smart contracts, will in the future protect companies from such scam attacks.

In addition, the use of the blockchain ensures the authenticity of product batches and of all the components they consist of, and also allows you to track the movement of data and physical goods throughout the supply chain and identify where a failure occurred.

IoT Protection

According to Gartner, in 2020 the number of IoT devices will exceed 20 billion, and after 10 years it will reach 500 billion. This is a real revolution, the consequences of which go far beyond the use of “smart” light bulbs, refrigerators and even whole “smart” houses. Internet of Things devices will be used on a massive scale in all sectors of the economy, from industry to agriculture and healthcare, and it is hard to imagine all the possible uses right now.

Wait a bit: in just a few years, the physical world will become extremely interconnected and “smart.” Unfortunately, this will bring not only new conveniences but also new problems, since many IoT devices are extremely insecure. Almost all of them contain vulnerabilities that hackers can exploit to, for example, control implanted pacemakers, remotely disable cars and launch powerful DDoS attacks.

Any failure in the IoT ecosystem endangers many devices, personal data, and supply chains. Typically, IoT security issues fall into three areas: authentication, connectivity, and transactions.

Using a blockchain to control access to data from IoT devices will create an additional barrier for attackers, since it can prevent a vulnerable device from transmitting false information and disrupting the network environment, whether it be a smart home or a smart factory.

In addition, the decentralization of the blockchain will allow you to forget about the problems associated with the failure of the authentication server.

For example, Uniquid offers a Litecoin-based cloud blockchain platform for managing the connection and authentication of various devices, including IoT devices. Each connected device is registered in the ledger, and the granting or removal of access rights is recorded as a blockchain transaction that is visible to all network participants. This makes man-in-the-middle (MitM) attacks and the connection of unauthorized devices and users extremely difficult.

Conclusion

Using blockchain can reduce cyber risks; however, like any technology, it is not a silver bullet that will destroy all threats with one shot. Bringing distributed ledger technology into generally accepted practice requires significant effort: standardization, refinement of devices and protocols, creation of cost-effective solutions for low-performance IoT components, and the development and adoption of legislative initiatives that determine how the technology is used in companies and at the state level.

The development of this process can already be seen in large corporations that have implemented the blockchain for supply chain management, infrastructure protection and other tasks. However, today it can be said that this is only the beginning of a long road to a secure future, secured by a global distributed ledger.