Stay safe! Blockchain cybersecurity arms race to intensify in 2018
- Threats from cryptocurrency-related ransomware will increase
- Blockchain could be more beneficial to cybersecurity than it will be harmful
Blockchain villains are coming for you and your computer, while defenders are working hard to protect you, say cybersecurity experts. The battle will get hotter this year, they warn.
In 2018 we’ll see a growth in "targeted attacks on companies for the purpose of installing miners”. Meanwhile, threats from cryptocurrency-related ransomware will increasingly affect individuals and businesses alike, predicts cybersecurity firm Kaspersky Lab in its Threat Predictions for Cryptocurrencies in 2018 report.
Attacks on cryptocurrency exchanges and wallets are also likely to expand in 2018.
However, if developers are fast, the blockchain could be more beneficial to cybersecurity in 2018 than it will be harmful. From strengthening online ID authentication to guarding against malware, other analysts are expecting the blockchain to solve rather than worsen a range of cybersecurity problems.
Forrester, an American market research company, in its Predictions 2018 states that "2018 will be the start of an avalanche of new startups offering blockchain-related security solutions". Moreover, “blockchain is about to become the functionality every security vendor wants”, Forrester estimates. However, the company also predicts a "serious pruning" of once-hopeful blockchain projects that will fail to match expectations.
Its report outlines four main areas in which the blockchain will become a “foundational” cybersecurity technology:
- Certificate issuance and authentication;
- Identity verification (IDV);
- Malware and ransomware protection via binary reputation checks;
- Document authenticity and integrity verification.
However, Alexey Malanov, malware expert at Kaspersky Lab, told Cryptonews.com that the potential application of the blockchain to cybersecurity is still limited. “Currently, the main uses of blockchain is in cryptocurrencies and securing data,” he says, “as due to its decentralised nature the information [it records] can’t be tampered with.”
Still, Malanov agrees that the blockchain’s early promise as a cybersecurity tool will be sooner or later realized, regardless of whether or not it happens this year. “It’s inevitable that beyond 2018, blockchain’s potential will be unlocked by the industry and put into practice.”
In particular, it’s the protection against malware and ransomware that could prove a significant turning point in the blockchain’s relationship with cybersecurity. While the blockchain isn't and won't ever be a firewall in a traditional sense, its use as a shared digital ledger of transactions means it will essentially behave as such. It has the potential to monitor all actions within a network or system, detect anomalous or aberrant activity, and thereby prevent intrusions.
Also, the blockchain will serve as an organizational ‘firewall’ against fraud more generally, according to Forrester. “Blockchain data sources […] allow firms to get a much richer, more accurate, and reliable understanding of the history of a (potential) client,” they write. And with this richer verification of the identities and histories of potential clients, they’ll be able to exclude or report those who pose a risk.
General tips how to lower the risk from malware and ransomware:
- Regularly back up data
- Keep software updated
- Use “robust” security packages “that provide dedicated functionality for protecting financial transactions”
- Nurture a “security mindset” among staff
- Adopt good “housekeeping” practices (e.g. segmenting your network, restricting write access to data)
- Use a clean, uninfected system to check the No More Ransom site for decryption tools that will help victims get their money back.
Source: Kaspersky Lab
‘Zero trust’ policy
In addition, Johannesburg-based consultancy Dimension Data in its Top IT Trends in 2018 report predicts that the blockchain will enable organizations to adopt a 'zero trust' security policy. As part of this policy, users will need to gain explicit permission from networks before being granted access to them. Such users will have their identities verified by the blockchain, which will also provide a visible record of who has entered and exited an organization's network(s).
"For example, an organisation that had confidential intellectual property stolen can take their immutable ledger to court and prove that an unauthorised person extracted or copied a set of data," writes Matthew Gyde, Dimension Data's cybersecurity group executive, in a blog post on the consultancy’s website
Meanwhile, as mentioned in the beginning of the article, Kaspersky forecasts that “targeted attacks with miners” will become more common as criminals look to benefit from the anonymity provided by Bitcoin mining. The cybersecurity firm also expects an increase in 'insider miners' using their companies' or organizations' computers to mine for Bitcoin.
Yet with global annual cybercrime damage costs standing at USD 126 bn, the question of whether the blockchain will ultimately decrease or increase cybersecurity will therefore hinge on who can take advantage of it faster. And while the hackers responsible for 2017’s ransomware attacks, for instance, have had a bit of a head start, the predictions being offered by analysts would suggest that the rest of the world will begin catching up with them in 2018.