Stay in the know with “The week in cybersecurity news,” a weekly report on all the industry headlines released every Friday. Sign up to get the report in your inbox every week.
Blockchain; the Missing Link in the Cyber Security
When the industry started to encrypt sensitive information at-rest and in-transit, this was a step in the right direction. However, the gaps within the current cyber defense mechanisms are vast and are being exploited by cyber criminals every day. The amount of trust that is put into antiquated security technologies is simply no match for the persistence of cyber criminals. A leading cyber security company, Acronis, is using blockchain technology to ensure that sensitive information remains protected. This has been dubbed the “Acronis Blockchain Technology Initiative”
By leveraging the distributed ledger system of blockchain, we are seeing a shift from traditional security models to a serious solution that ensures data remains confidential and that integrity is maintained. While blockchain’s applicability has largely encompassed crypto-currencies, the security benefits of blockchain far outweigh any other aspect.
A distributed network of nodes that must reach a consensus before data is deemed to be unmodified or valid is one of the most revolutionary concepts since the heyday of antivirus. Using these techniques, blockchain can prove to be the most formidable enemy of even the most skilled and funded cyber criminals and Nation-State organizations.
Blockchain Security for Mobile Devices is Here, Finally!
Mobile devices have integrated into nearly every aspect of our lives. Wherever you are, at the office, at home, or on vacation; your mobile device goes with you and so do cyber-threats. So, how can Blockchain be applied to mobile device security? Well, it is quite simple and follows some of the same paths that enterprises are leveraging blockchain for their cybersecurity programs.
Currently, within mobile device security, the buck stops at the mobile carrier. If attackers can overcome the security of your SIM card, it’s endgame. This was the case when cyber attackers managed to socially engineer AT&T into switching the SIM card of an investor. This led to the theft of $23.8 million dollars in cryptocurrency from the victim.
This month, Rivetz announced Dual Roots of Trust. Let’s break it down a bit:
Dual Roots of Trust uses mobile carrier SIM card security and the security measures by the Rivetz Trusted Execution Environment (TEE). By combining these two methods, mobile devices and applications are granted private keys that are decentralized and therefore, must receive unanimous approval for execution.
Newegg or Bad Egg?
Yet another data breach by the notorious Magecart hacking group. This group also recently hacked into British Airways, siphoning off the payment information of 380,000 people. The group managed to compromise the Newegg website and steal the credit card details of any custom that entered their information between August 14th and September 18th, 2018. Digital skimming scripts are plaguing businesses that accept payments online. The Newegg attackers infiltrated the checkout pages of newegg.com and inserted malicious Javascript code that captured payment information.
Online shopping differs from brick and mortar stores in that the attackers do not need physical access to the target. By exploiting flaws in websites and online systems, attackers can steal information without ever requiring proximity to the target. The next time you make an online purchase, turn on fraud alerts with your financial institution.
A U.S. Based Cybersecurity and Blockchain Accelerator is Coming
Blockchain and security are synonymous and have been founded upon the principles for ensuring legitimacy, privacy, and integrity. Business accelerators are traditionally used to bring new innovations to the forefront of the marketplace. In areas such as blockchain, widespread adoption requires participation. Larger networks are more secure as they provide more links in the chain for checks and balances. This blockchain and cybersecurity accelerator is being launched by SparkLabs and will be located in Washington, D.C.
SparkLabs will leverage their current investment strategies to incentivize small companies, startups, and even established blockchain and cybersecurity companies to partake in something bigger. Blockchain cybersecurity should be looked at as a collective and collaborative effort. This is a real community effort to enhance the science of blockchain and cybersecurity. Pushing the envelope will require organizations to leverage each other in true democratic fashion.
Japanese Cryptocurrency Hack.ed
The actual blockchain was not hacked. However, the wallet server was. The majority of blockchain vulnerabilities reside within the actual networks, not with the blockchain process. In this case, attackers were able to compromise a server that held the “hot wallet” of Coincheck.
A hot wallet is where virtual coins are stored. This is yet another example of cryptocurrency wallets and their inherent vulnerabilities. Attackers seek out the weak spots in any organization, blockchain or not, and exploit them. This particular case led to the loss of $60 million dollars or 6.7 billion Japanese Yen.
Check out the full article here.
DoD Gives Cyber Strategy a Long-Overdue Boost
Since 2015, the Department of Defense has not updated its cyber strategy. With the significant increases in cyber-attacks, this has come as a surprise to government officials and civilians alike. Just this week, the Department of Defense released their updated cyber strategy.
One of the most important takeaways from the release surrounded the new strategy to confront threats before they reach the networks in the U.S. The subject of hacking the hackers has been long debated across the U.S. and the rest of the world. This new strategy relayed valuable insight into the thoughts of U.S. government officials on striking in a proactive way. Across the cyber security industry, it is well-known that attribution is difficult and can be extremely complex, especially when the attacks are conducted by skilled professionals and state-sponsored agents. If the past 10 years are an indication of the future state of cyber security, then we are in for another wild ride. Adopting a more proactive and direct strategy on cyber security has been relayed in the new document.
Check out this tell-all article here.