According to analysts, the amount of fraud andcryptocurrency thefts reached $ 4.4 billion in 2019. With the development of the high-tech market, cybercriminals are shifting the focus from exploiting technical vulnerabilities to human weaknesses, since such attacks are easier to implement and do not require special knowledge and skills.
One of the ways to provide protection against cyber attacks and reduce cyber risks in 2020, experts call the use of distributed registry technology.
Specifically for ForkLog CTOThe developer of cyber security solutions company Trend Micro in the Russian Federation and the CIS Mikhail Kondrashin examined the main types of cyber threats that will be relevant in the new year, and options for using the blockchain to prevent them.
Current Threats 2020
Trend Micro studies show that more and moreon cybercrime forums, services such as “Malicious as a service” or “Extortion as a service” are offered, with the help of which anyone can arrange a cyber attack.
The objectives of cyberattacks are traditionally financialinstitutions and their customers. In this sense, there are no fundamental differences characteristic of cryptocurrency platforms. Hackers use similar techniques to steal ordinary money and cryptocurrencies.
The threats that will form the cybercrime landscape in 2020 include:
- an increase in the number of targeted attacks with the aim of extorting cryptocurrency;
- increased attacks on smart infrastructure, the Internet of things (IoT) and the industrial Internet of things (IIoT);
- a further increase in cyber attacks on mobile devices;
- increase in the number of incidents with personal data: leaks, modification and criminal use;
- the emergence of new attack vectors related toadoption of the PSD2 / OpenBanking directive - their main goal will be fintech startups, among which there are a sufficient number of blockchain platforms, as well as their clients.
Account Theft Protection
Leaks and theft of logins and passwords from variousservices in recent years are steadily present in the first lines of information security news. Cybercriminals use social engineering, phishing emails and websites to convince their victims for some reason to enter their credentials on a “legitimate” resource. To protect against password theft, you can completely refuse to use them by using one of the blockchain platforms available today, for example, Civic or HYPR.
Civic is a digital identity management platform focused on preventing theft of user data and online fraud with personal data.
HYPR - a package of biometric support systemssecurity to protect users of mobile and desktop platforms, as well as the Internet of things. A decentralized authentication platform allows organizations to work with biometric data without worrying about hacker attacks on a biometric server or a centralized password database.
Protection of personal information
Personal Data Lawtightens around the world. The EU Regulation on the Protection of Personal Data GDPR contains severe penalties for companies that violate it. In 2018 alone, the total amount of fines exceeded 56 million euros, and in 2019, Marriott International and British Airways received fines of 110.0 million euros and 204.6 million euros, respectively, for personal data leaks.
Using blockchain to work withpersonal data allows you to create a system in which all actions with them will be recorded in the registry. Due to this, uncontrolled use of personal information will be impossible.
The immutability of the blockchain creates another problem,related to the right to oblivion. The owner of personal data has the right to apply for the destruction of information about himself, and companies will have to solve the problem of removing this information from the register.
Protection of corporate blockchains and crypto exchanges
Blockchain platforms attack in the same way asany cryptography: exploit vulnerabilities in systems and social engineering, playing on human weaknesses. A typical example of such an attack is a phishing email with a malicious attachment that is launched by the hands of an employee of a company or crypto-exchange. As a result, cryptocurrency theft, data leaks and other incidents occur.
Protection against such attacks can, in principle, be reduced toimplementing a wide range of technical and organizational measures, including the introduction of protective solutions from a number of developers, including Trend Micro. This is the protection of cloud services, containers and end devices, as well as a system of protection against intrusions and leaks.
As specific measures for blockchain platforms, one can note the mandatory use of multi-signature and authenticator applications for two-factor authentication.
Neglecting smart multi-signature contractscalled the main reason for the hacking of the Japanese cryptocurrency exchange Coincheck in 2018, as a result of which more than $ 500 million in NEM cryptocurrency were stolen.
Experts note that a month before the theft, fraudulent letters with viruses arrived on the exchange, which contributed to the theft of the key.
Supply Chain Protection
One of the dangerous varieties of attacks is attacks oncompromise of business correspondence (Business Email Compromise, BEC) - suggest that an attacker is being introduced into the chain of interaction between the company and its counterparties in order to steal money or conduct some other malicious actions.
Registration of all processes of interaction with contractors in the blockchain, or fixing these actions with the help of smart contracts in the future will protect companies from scam attacks.
In addition, the use of blockchainIt provides verification of the authenticity of batches of products and all the components of which it consists, and also allows you to track the movement of data and physical goods throughout the supply chain and identify where the failure occurred.
IoT Protection
Gartner estimates that in 2020, the numberIoT devices will exceed 20 billion, and after another 10 years - 500 billion. This is a real revolution, the consequences of which go far beyond the use of smart bulbs, refrigerators and even whole smart homes. Internet of Things devices will be massively deployed in all sectors of the economy, from industry to agriculture and healthcare, and all possible use cases are hard to imagine right now.
Wait a bit: in just a few years, the physical world will become extremely interconnected and “smart.” Unfortunately, this will bring not only new conveniences, but also new problems, since many IoT devices are extremely unsafe. Almost all of them contain vulnerabilities, exploiting which hackers can, for example, control implanted pacemakers, remotely disable cars and launch powerful DDoS attacks.
Any failure in the IoT ecosystem endangersmany devices, personal data, supply chains. Typically, IoT security issues are in three areas: authentication, connectivity, and transactions.
Using blockchain to control access todata from IoT devices will create an additional obstacle for attackers, since it can prevent the vulnerable device from transmitting false information and disrupting the network environment, whether it be a smart home or a smart factory.
In addition, the decentralization of the blockchain will allow you to forget about the problems associated with the failure of the authentication server.
For example, Uniquid offers cloudLitecoin-based blockchain platform for managing the connection and authentication of various devices, including IoT. Each connected device is registered in the registry, and the granting of access rights or their removal is made out in the form of a blockchain transaction, which is visible to all network participants. This makes it extremely difficult for intermediary attacks (MiTM), connecting unauthorized devices and users.
Conclusion
Using blockchain allows you to reducecyber risks, however, like any technology, it is not a silver bullet that will destroy all threats with one shot. The introduction of distributed registry technology into generally accepted practice requires significant efforts to standardize, refine devices and protocols, create cost-effective solutions for low-performance IoT components, and develop and adopt legislative initiatives that determine how to use them in companies and at the state level.
The development of this process can already be observed atAn example of large corporations that have implemented blockchain for supply chain management, infrastructure protection and other tasks. However, today it can be stated that this is only the beginning of a long road to a secure future, provided by a global distributed registry.
Read this:
The authenticity of New Balance sneakers can be traced through the Cardano blockchain.
South Korea will allocate $ 9 million to support blockchain startups in 2020
Bitcoin hash updated historic high on first day of 2020
Tom Lee: Bitcoin will cost $ 91,000 by March 2020
What will be the price of bitcoin on the eve of halving in May 2020
Blockchain smartphones: an overview of cryptocurrency-enabled phones