Cybersecurity or computer security is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
It is the practice of protecting systems, networks, and programs from digital attacks. These cyber-attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Likewise, cybercriminals or hackers have become increasingly complex and are attempting to steal valuable data like financial data, health records, personally identifiable information (PII) and intellectual property, and are resorting to highly profitable strategies like disrupting the overall operations of a business through DDoS (distributed denial-of-service) attacks or monetizing data access through the utilization of advanced ransomware techniques.
The data surrounding cyberattacks makes it clear how imperative better, constantly evolving systems of security are. Since January 1, 2016, more than 4,000 cyberattacks have been launched every single day. The escalating nature of these attacks becomes clear when it is considered that this was a 300% increase from 2015 when approximately 1,000 attacks were unleashed on a daily basis. In 2016, Uber was hacked, exposing the records of over 57 million riders and drivers, while an intrusion the same year led to over 412 million Friend Finder accounts being compromised. Virtually no industry is safe, and hackers are constantly seeking new landscapes to corrupt. For example, cryptojacking attempts increased by 8,500% in 2017.
While there are no foolproof methods to stymie hackers, there are some steps below, which can be taken to reduce the chances that our devices and information fall into the wrong hands. Considering how the blockchain can help fortify the cybersecurity industry is one of the most basic steps toward insulating data from the ever-cunning hackers who will stop at nothing to obtain and leverage our most sensitive data against us.
The high level of dependency on the Internet and technology today has resulted in new revenue streams and business models for organizations, but with this arises new gaps and opportunities for hackers to exploit.
We can say that blockchain resolves the ‘lack of trust’ problem between counterparties at a very basic level. Blockchain is a distributed database used in both private and public applications rather than a centralized structure where all the information is stored in a few very large databases. The data pertaining to each batch of valid transactions is stored within its own block, as every block is connected to the block which is situated in the position before it and grows continuously as new blocks of information are appended.
Our dozens of accounts spread throughout the web and protected only by often weak passwords include bank accounts, health records, birthdays, social security numbers, and passport information.
The information age explosion of online data has brought with it lapses in security protocols that regularly expose our most sensitive information to malicious actors. Therefore, finding a reliable cybersecurity protocol is more important than ever before.
In this article, let’s discuss the role of blockchain in cybersecurity!
Eliminating Human Factor from Authentication
Businesses are able to authenticate devices and users without the need for a password with the help of blockchain technology. This eliminates human intervention from the process of authentication, thereby avoiding it from becoming a potential attack vector.
The utilization of a centralized architecture and simple logins are the big weakness of conventional systems. No matter how much money an organization invests in security, all these efforts go in vain if the employees and customers use passwords that are easy to steal or crack. Blockchain offers strong authentication and resolving a single point of attack at the same time.
With the help of blockchain, a security system used in an organization can leverage a distributed public key infrastructure for authenticating devices and users. This security system provides each device with a specific SSL certificate instead of a password. Management of certificate data is carried out on the blockchain and this makes it virtually impossible for attackers to utilize fake certificates.
Blockchain users can maintain their data on their computers in their network. Because of this, they can make sure that the chain will not collapse. For example, if someone who is not the owner of a component of data (such as an attacker) attempts to tamper with a block, the entire system examines each and every data block to locate the one that differs from the rest. If this type of block is located by the system, it simply excludes the block from the chain, recognizing it as false.
Blockchain is designed in a way that the storage location or central authority doesn’t exist. On the network, every user has a role to play in storing some or all the blockchain. Everyone in the blockchain network is responsible for verifying the data that is shared and/or maintained to ensure existing data can’t be removed and false data can’t be added.
Every transaction added to a private or public blockchain is timestamped and signed digitally. This means that companies can trace back to a particular time period for every transaction and locate the corresponding party on the blockchain through their public address.
This feature relates to non-repudiation: the assurance that someone can’t verify their signature’s authenticity on a file, or the authorship a transaction that they originated. This blockchain’s functionality increases the system’s reliability as every transaction is associated cryptographically to a user.
Any new transaction that gets appended to blockchain results in the transformation of ledger’s global state. This implies that with the system’s every new iteration, the previous state will be stored resulting in a history log that is completely traceable.
The audit capability of blockchain offers companies with a level of security and transparency over every iteration. From the perspective of cybersecurity, this offers entities with an additional level of reassurance that the data has not been tampered with and is authentic.
Blockchain transactions can be denied easily if the participating units are impeded from sending transactions. For example, a DDoS attack on a set of entities or an entity can cripple the entire attendant infrastructure and the blockchain organization. This kind of attack can introduce integrity risks to the blockchain.
At present, the difficulty in impeding the attacks due to DDoS comes from the existing Domain Name System. The implementation of blockchain technology would completely decentralize the DNS, distributing the contents to more number of nodes thereby making it almost impossible for cyber attackers to hack. A system can make sure that it is invulnerable to hackers by using blockchain to safeguard data unless every single node is wiped clean at the same time.
Blockchain technology is here to stay and it will help us protect as companies, individuals, and governments. The innovative blockchain utilization is already becoming a component of other fields beyond cryptocurrencies and is mainly useful to enhance cybersecurity.
Though few of the underlying capabilities of blockchain offer data availability, integrity, and confidentiality, like various other systems, cybersecurity standards and controls must be followed by companies within their technical infrastructure with the help of blockchain to protect them from outside attacks.
The cybersecurity industry can benefit from blockchain’s unique features, which create a virtually impenetrable wall between a hacker and your information.
Use-Cases of Blockchain in Cybersecurity
- Protected Edge Computing with Authentication: Edge computing is good for IT efficiency, productivity, and power usage but it represents a security challenge for CISOs, CIOs, and the more extensive business; thus blockchain is providing a solution to secure IoT and Industrial IoT. It will help in the strengthening of authentication, enhanced data attribution, and flow as well as upgrade record management.
- Advanced Confidentiality and Data Integrity: Owing to its nature of public distribution, blockchain was created without any particular access controls initially. But with time, as the technology started providing solutions to multiple industries, blockchain implementations now have scope for data confidentiality as well as access control. The complete encryption of the blockchain ensures that data as a whole or in part is not accessible to any wrongful person or organization while in transit.
- Secured Private Messaging: A lot of companies are looking at blockchain to secure their personal and private information exchanged over chats, messaging apps, and social media. They hope to make it into a secure platform with the help of blockchain and impenetrable to foreign attacks.
- Improved PKI: PKI or Public Key Infrastructure keeps messaging applications, e-mails, websites, and other forms of communication secure. But they all rely on third-party certificate authorities to issue, revoke or store key pairs. These certificate authorities can become an easy target for hackers with spoof identities trying to penetrate encrypted communications. On the other hand, when keys are published on a blockchain, it leaves no scope for a false key generation or identity theft as the applications verify the identity of the person you are communicating with.
- Intact Domain Name System (DNS): The DNS is an easy target for malicious activities as hackers can bring down the DNS service providers for major websites like Twitter, Paypal, and other services. A blockchain approach to storing these DNS entries can improve security extensively because it removes that one single target which can be compromised.
- Diminished DDoS attacks: DDoS attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or another network resource, and cause a denial of service for users of the targeted resource. This forces the system to slow down or even crash and shut down, thereby denying service to legitimate users or systems. This problem can be solved by integrating blockchain into decentralized solutions that can provide protection against such attacks.
- Verifying the Validity of Software Downloads/Updates: Viruses, worms, and the Trojan Horses that they ride into our computers can come in many different forms, and often are difficult to spot. In 2016, about 127 million new forms of malware were created, and this virus-like mutation of computer-infecting software can easily slip by the untrained eye. In fact, it often comes in the form of a software download or phony application “update.” The blockchain has the potential to assign unique hashes to downloads and updates. This allows users to compare the hash on their would-be download with the developer’s hash to significantly reduce the chances of infecting their systems with fraudulent, and well-disguised malware.
- Biometric Private Keys/Digital Identities to Replace Passwords: Depending on who you ask, you may get different figures about what percentage of passwords are “weak” and therefore begging to be hacked. But everyone will agree that, regardless of the percentage, passwords are by and large an extremely penetrable layer supposedly protecting our most valuable information. Facebook has stated that users’ accounts are hacked 600,000 times per day — that’s a lot of raunchy status updates that could have been averted with stronger security technology. The blockchain doesn’t require passwords because it relies on either biometric data or private keys and multi-step authentication to ensure that a user is who they say they are. These systems are not only more effective protectors of our information than the username-password rigamarole, but they are easier, too.
- Preventing Hacks on Automated Systems: The rise of smart devices and other largely autonomous technologies has also opened up the public to unprecedented levels of hacking and data compromise. Convenience and the “just handle it” mentality that we are quick to delegate upon our devices has led to malaise and inattentiveness about the security of our devices and data. One need not look long or hard to see the many examples of how convenience has come at the cost of security. The Internet of Things has provided a more “scenic” route to hacking that is less prone to the early detection that may arise from phishing scams. Experts are relying upon blockchain technology to recognize invalid or potentially corrupt commands and inputs. Settings such as automatic updates can inadvertently include malware, compromising data, and/or even shutting down a system’s functionality completely. The ability for algorithms to be constantly at work recognizing unrecognized or threatening intrusions may allow for the convenience of automation without the risks that come with lax manual oversight by users.
- Decentralizing Data Storage to Remove Honey Pots: Data is the universal currency. There’s no nation, in which a person’s data cannot be leveraged in some way. This is why marketers are willing to pay so much for our data. According to one source, a single consumer’s data is worth at least $240 per year, and likely much more. Storing this data in a centralized database with a single, vulnerable point of access is reckless in this day and age, yet seemingly every week a business comes under attack, and everyone is absolutely shocked when they receive the dreaded e-mail that their account may have been compromised. The blockchain is decentralized by nature, which means there is no single point of penetration for hackers to invade. Instead of a single door protecting the vault, there are numerous, steel-reinforced barriers between the hacker and your data, making decentralized data storage a no-brainer.
- Distributing Public Key Infrastructure and Multi-Signature Logins: As it currently stands, usernames and passwords for a given site or application are stored in central databases that are vulnerable to hacking. Once a hacker has granted access to the central domain containing hundreds, thousands, or even millions of users’ login credentials, they have a virtual vault filled with a gold mine of user information. Examples of flimsy virtual vault security measures abound, and the results of these heists speak for themselves. The blockchain is decentralized by nature, storing critical information across several nodes to mitigate the risk that comes from any single node being compromised. The blockchain also operates on a multi-signature authentication model, which eschews usernames and passwords in favor of authenticating a user by confirming that they have access to multiple devices. This is a more secure means of granting access to a network, which could ultimately reduce the ease and frequency of hacks and better protect sensitive, valuable user data.
- Provenance for Computer Hardware to Prevent Foreign Intrusion: We are living in an age of cyber warfare, and the theft of intellectual property is just one of the many ways that nations seek to gain intelligence advantages over their adversaries. In 2016, the then-President Barack Obama chose to list Russia, India, and China among the nations with the poorest records with respect to preventing intellectual property theft. Intellectual property is one of America’s greatest resources, adding approximately $5 trillion to the economy in 2010, contributing 34% to U.S. GDP and supporting 40 million jobs in IT-intensive industries. As valuable as IP is to any nation’s economy, its theft is equally as harmful. Accessing entry points into the computer firmware that allows networks to operate without detection is the aim of hackers, and foreign agents who create the technology could, if they were so inclined, make it far easier to penetrate those systems structurally. Understanding who produced the firmware and where they produced it will not only allow greater oversight into purchasing decisions but will also aid in investigations should a hack occur. The ability to prove precisely where a device was manufactured is one of the benefits of blockchain ledgers, which are capable of providing immutable records of a computer’s history of manufacture and transport.
- Preventing False Data from Entering a System/Ledger: Regardless of the industry, the cost of bad data and false positives in detecting and rooting out fraud and inefficiencies is significant. Algorithms used to fight fraud are largely effective in detecting inconsistencies, but they cast such a wide net that they often incur greater administrative costs. In one test study, researchers who used the best available algorithms were able to identify 495 of 500 fraudulent credit card transactions. However, the algorithms also flagged an additional 500,000 transactions that turned out to be legitimate. Data that is filtered through a decentralized blockchain network tends to be more trustworthy, as the multi-node security lends itself to greater verification and tamper prevention. Therefore, the data stored on a blockchain-linked network can inspire more confidence for participants, because the threshold of veracity is higher than single-source, centralized networks.
There are some companies and banks, who use blockchain as a cybersecurity protocol:
- MobileCoin: MobileCoin is developing an easy-to-use cryptocurrency for resource-constrained businesses, combines privacy, security, and distributed trust with great user experience, founded by Joshua Goldbard in 2017. MobileCoin is designed so that a mobile messaging application like WhatsApp, Facebook Messenger, or Signal could integrate with a MobileCoin wallet, as the company’s crypto replaces third-party transaction vendors, and it keeps all transactional data between two peers encrypted. The boosted level of security helps companies keep transparent records in a public sphere.
- Javvy: Javvy built a universal “wallet” that stores and trades cryptocurrencies and tokens. The company’s blockchain-based app is fully decentralized, biometric login-enabled, and uses AI to detect fraudulent activity. Javvy’s app helps users manage their growing crypto stashes in a more secure way. Its token sale had been launched on November 1, 2018, and the funds used to expand its current crypto wallet technology.
- Coinbase: Coinbase is a California-based cryptocurrency exchange for users to buy and sell digital currency, founded by Brian Armstrong in 2012. Users can trade everything from Bitcoin to Litecoin to Ethereum on the company’s secure blockchain platform. Coinbase runs entirely on encryption, as the company stores wallets and passwords in a secure database and requires employees to undergo a rigorous background check, all to ensure that your crypto is safe. More than 20 million people use Coinbase, and so far the company has processed more than $150 billion in trades.
- Founders Bank: Founders Bank is a corporate challenger bank servicing the tech industry, including blockchain and other emerging technologies, aiming to provide banking services on a world-class technology platform with a strong emphasis on customer experience and AML/KYC. It aims to be the world’s first decentralized bank. Instead of being owned by a central authority, the bank owns by purchasers of its token-based equity. The company employs decentralized storage methods, an extensive public ledger system, and encryption methods to make sure cryptocurrencies are traded and stored securely.
- Santander: Santander was the first bank in the UK to adopt blockchain to securitize its international payments service. It is one of the largest banks in the US with over $1.74 trillion in assets. The bank’s blockchain enables customers to securely pay between Santander accounts in Europe and South America. The bank is piloting a blockchain-based shareholder voting mechanism through which decentralized votes are incorruptible and in real-time.
- J.P. Morgan: J.P. Morgan, the largest financial institution in the US, has developed an enterprise-focused version of Ethereum called Quorum. The platform uses blockchain technology to process private transactions. The bank uses smart contracts on the Quorum network to implement transparent yet cryptographically-assured transactions. J.P. Morgan, once, provided a $150 million one-year debt issuance to the National Bank of Canada. The blockchain-dependent trial was meant to incorporate all aspects of the debt lifecycle, including origination, execution, and settlement.
- Barclays: Barclays is a British multinational investment bank and financial services company, headquartered in London, England, once, filed a patent that would use blockchain technology to bolster security in fund transfers. The Wall Street bank is possibly looking to boost the popularity and stability of cryptocurrency transfers while using DLT to process these transfers. Along with its blockchain fund transfer patent, Barclays has a patent for know-your-customer processes that enables the bank to store all personal identifying customer information on a secure blockchain.
How Healthcare Companies Use Blockchain Cybersecurity Measures?
Like banking, the healthcare industry endures a constant barrage of cyberattacks. In fact, healthcare experiences twice the amount of phishing e-mails and malware attacks of any other industry. New challenges arise constantly and now include cyber-attacks on IoT devices that are disguised using encrypted malware.
Not only do healthcare companies, hospitals, doctors, and clinics store patient banking information, they also possess important health records. Patient data is important to cybercriminals because it demands much more money on the black market — about $50 per record. Credit card information is constantly stolen, but modern technology typically resolves any damage quickly. Exposing the social security numbers, full names, weights, heights, prescriptions and medical conditions of millions of patients can be detrimental. By threatening to release confidential information, hackers have already extorted millions of dollars from hospitals all over the world and will continue to do so unless new technologies are implemented. Recently, on June 20, NetWalker ransomware gang continued to launch ransomware attacks to the healthcare sector Crozer-Keystone Health System during the COVID-19 pandemic.
Blockchain could be the badly-needed solution to a problem that puts patients and hospitals at severe risk. The DLT’s decentralized state allows only certain individuals to have small amounts of information that, if combined, would comprise a patient’s entire health chart. The distribution of only certain information to credentialed healthcare professionals ensures that cybercriminals cannot access all identifiable aspects of an individual’s health record.
There are three healthcare companies that use blockchain cybersecurity measures to thwart attacks.
Let’s discuss in detail:
- Hashed Health: Hashed Health is a healthcare innovation firm dedicated to helping the industry implement blockchain technologies. Consisting of Hashed Collective, Hashed Enterprise, and Hashed Labs, which focus on different aspects of blockchain, Hashed Health’s ecosystem includes a blockchain healthcare community. The company is also experimenting with different ledger technologies. Hashed Health has worked with dozens of healthcare companies and hospitals to build secure digital blockchain networks for patient information sharing and internal communication channels. The company convened a value-based care working group comprised of Hashed Collective members to improve quality measures and payment efficiency for hospitals and healthcare systems across the US.
- Philips Healthcare: Philips Healthcare, part of the Philips Research firm, is pairing blockchain with AI to create a new healthcare ecosystem. In partnership with hospitals all over the world, the company uses AI to discover and analyze all aspects of the healthcare system, including operational, administrative, and medical data. It then implements blockchain to secure the massive amounts of data collected. Philips’ HealthSuite Insights platform gives healthcare systems an inside look at key pain points in the current health system and offers AI and blockchain solutions to help fix those problems.
- Health Linkages: Health Linkages uses blockchain to enable transparent data governance, further auditable analytics, and boost compliance in the healthcare sector. The company’s blockchain enables only credentialed actors to share patient data, and it also maintains a chronological series of individual healthcare events, making healthcare decisions clearer for doctors. Health Linkages is developing blockchain-based tools that show a chain-of-information so that medical professionals can view a patient’s history in a chronological and secure way.
Preventing Fraud and Data Theft
Blockchain technology provides one of the best tools we currently have to protect data from hackers, preventing potential fraud and decreasing the chance of data being stolen or compromised.
In order to destroy or corrupt a blockchain, a hacker would have to destroy the data stored on every user’s computer in the global network. This could be millions of computers, with each one storing a copy of some or all the data. Unless the hacker could simultaneously bring down an entire network (which is near impossible), undamaged computers, also known as “nodes”, would continue running to verify and keep a record of all the data on the network. The impossibility of a task like taking down a whole chain increases along with the number of users on a network. Bigger blockchain networks with more users have an infinitely lower risk of getting attacked by hackers because of the complexity required to penetrate such a network.
This complex structure provides blockchain technology with the ability to be the most secure form of storing and sharing information online. That’s why innovators have begun applying the technology in different sectors to prevent fraud and increase the protection of data.
Innovative Uses for Blockchain Technology
As more people join the world wide web and technology continues to develop, more data gets produced and more hackers will attempt to steal or corrupt that data. The technology behind blockchain is versatile and incredibly useful for the future of the Internet, allowing users to better secure their data.
Innovative uses for blockchain technology are already becoming a part of other fields beyond cryptocurrencies and can be especially useful to boost cybersecurity. By implementing rigorous encryption and data distribution protocols on a network, any business can ensure that their information will remain safely intact and out of the reach of hackers.
News on Cybersecurity and Ransomware Attacks
Let’s have a look on some of the news of how ransomware attacks are increasing day by day, especially during the COVID-19 pandemic:
- NetWalker, a malware team, launched a ransomware attack against the Austrian village of Weiz, as this attack affected the public service system and leaked some of the stolen data from building applications and inspections.
- On April 24, 2020, the infrastructure of Parkview Medical Center, the largest health center in Pueblo County, Colorado, has been infected by hackers with crypto-ransomware.
- On May 27, 2020, Microsoft revealed a new human-operated ransomware called “PonyFinal” that uses “brute force” against a target company’s systems management server and mainly has targeted the healthcare sector amidst the COVID-19 crisis.
- On June 5, 2020, creators behind Zorab ransomware launched a fake tool that double-encrypts files affected by the attack.
- On June 6, 2020, ransomware gang Maze stole 1.5TB of sensitive data from the ST Engineering Aerospace, the US branch of an integrated engineering group, which works with various governments, and its partners.
- On June 8, 2020, a ransomware gang launched an attack on the information technology systems of Alabama city of Florence in May, as this attack came despite warnings by cybersecurity firms about possible hacker infiltration into the city’s infrastructure.
- On June 11, 2020, Maze threatened to leak stolen data from Threadstone Advisors, LLC, a US-based independent advisory firm, where Victoria Beckham, the former Spice Girl, businesswoman, and the wife of the famous football player David Beckham, has worked.
- On June 10, 2020, Recorded Future, a cybersecurity firm, revealed that a ransomware attack named “Thanos” has been promoted on a number of darknet hacking forums since February 2020.
- On June 11, 2020, REvil, a ransomware gang, leaked sensitive documents stolen from a US-based robotics company.
- On June 17, 2020, DraftKings, the online fantasy-sports company, filed a Form S-1 registration statement with the US Securities and Exchange Commission (SEC), which indicates SBTech, a company DraftKing acquired, was hit by a ransomware attack in March.
- On June 23, 2020, Evil Corp, a malware group, launched a new ransomware that asked its victims to pay a million-dollar ransom, as the group had previously gone quiet after the US Department of Justice charged some of its members in December 2019.
- On June 23, 2020, the REvil ransomware gang has auctioned sensitive data after a card services provider Interacard, who failed to cover their ransom.
- On June 24, 2020, CryCryptor, a new ransomware, targeted Canadian Android users, as it has distributed through multiple websites that pose as portals for a government-backed COVID-19 tracing app.
- On June 26, 2020, Maze and Doppelpaymer, the two ransomware gangs, attacked LG and Mitsubishi, as the hackers were threatening both companies with data leaks.
- On June 26, 2020, a report from the Cyber Security Agency of Singapore (CSA) revealed that ransomware attacks surged in 2019 by accounting 35 cases, compared to figures recorded in 2018.
- On June 28, 2020, Symantec, a cybersecurity firm, blocked a ransomware attack by a group known for demanding payment in Bitcoin directed at 30 US-based firms and Fortune 500 companies.
- On June 29, 2020, a study by Proofpoint, the cybersecurity firm, showed that phishing-based ransomware attacks were on the rise amidst the COVID-19 pandemic.
- On June 29, 2020, EvilQuest, a new ransomware, targeted macOS users who downloaded installers for popular apps via torrent files.
- On June 30, 2020, research from Microsoft revealed that Indonesia was hit hard by cryptojacking and ransomware attacks across the Asia Pacific region in 2019.
Blockchain’s inherently decentralized nature makes it the perfect technology for cybersecurity. The ledger technology has virtually endless uses in everything from medical and financial data sharing to anti-money laundering monitoring and encrypted messaging platforms.
We can develop and adopt multiple measures for security, and yet threats develop and adapt accordingly. However, with blockchain, we have a vast scope of ensuring data is safe, as blockchain is gaining traction today.
Although some of blockchains underlying capabilities provide data confidentiality, integrity and availability, just like other systems, cybersecurity controls, and standards need to be adopted for organizations using blockchain in order to protect their organizations from external attacks.
Cover Image: Analytics Insight