By Elbachir Haimoud, Information Security and Compliance Officer at TÜRKKEP A.Ş.

What is Blockchain-Based Social Media?

Blockchain has emerged as a feasible alternative for fixing numerous challenges, including social media; many specialists and experts believe that blockchain-based digital networks are the way of the future for social media, especially on a security basis. Blockchain-based social platforms provide end-to-end encryption for all interactions due to their decentralized nature.

Users that utilize such decentralized social networks will be compensated with tokens and rewards for creating and sharing high-quality content. Consumers have more privacy when using these networks, and a data breach is almost impossible.

The Need to Replace Traditional Applications

Traditional social media has made a tremendous impact on the way people communicate. Any social media site tracks user behavior. They also control individuals/users’ data stored in servers, owned, and governed by the organization’s centralized networking architecture.

Traditional social media applications are used for advertising and market businesses, sharing information and political views, raising awareness, and generating funds for people in need. But its nefarious use has also led to issues such as:

• Cyberbullying, political misinformation, scams, etc., are examples of the dark side of social networking platforms.
• The loss of personal data protection and information ownership is the key disadvantage of social media.
• The most popular social media platforms are also the most active data miners, frequently invading users’ privacy to sell more profitable advertisements.

For instance, some known social networking platforms make money from their users’ data by either sharing information such as online activity, user behavior, and content or using it for marketing and advertisements.

How can Blockchain Improve the Chances of Social Media?

Blockchain-based social networking applications are a vast decentralized platform that can develop applications and smart contracts. Some of the main advantages of such platforms are related to digital security, giving users more privacy and control over their data.

Protected Data Storage

Many organizations still use centralized storage systems for storing the data, which is a vulnerable point because a hacker needs only one vulnerable location to access all the information stored in these systems and gain access to sensitive data through an attack. With blockchain, decentralized data storage is created where essential data is protected. It would be difficult for hackers to breach any data storage system data.

Privacy concerns

Any social media platform user’s primary concern is privacy. Cybercriminals are skilled at deceiving social media users into disclosing critical information, stealing personal data, and gaining access to accounts that are supposed to remain private. Blockchain provides better anonymity and gives users the freedom to express themselves freely with this decentralized consensus framework, implying that no one can hack into the user’s account without their permission. Users can conduct the transactions privately because only the recipient and sender know its content. Consider the ultimate level of privacy; this can be expected from blockchain-based social media platforms.

Look for copyrights

The social media platforms are built with a specific goal of allowing people to express themselves and broadcast content that traditional media often fails to reveal. On the other hand, most devices have resulted in multiple tech corporations controlling social media data flow due to the concurrent structure. If social media networks adopt blockchain technology, the platforms will become censorship-resistant. However, people can communicate to the world without fear of having their profile blocked or, worse, being detained.

Copyrights are still a challenge in blockchain-based social media platforms, as no copyright registry reference exists. Yet all platforms use this. A blockchain that serves as a global registry based on time-stamp might solve this challenge. Using such systems will guarantee a high level of copyrights reservation. It is an idea already under discussion.

Traditional vs. Blockchain-Based Social Media

Though blockchain-based social media platforms are open-source like traditional ones, they offer free and paid service, and user data is not sold for profit. The significant difference is that blockchain-based applications allow users to earn and spend cryptocurrency through the application. Users make tokens by doing the following: posting, commenting, receiving upvotes, and inviting others to join the site. In some applications such as Minds, the earned tokens can be used to improve posts and obtain access to any content and the opportunity to become verified users and delete all boosted posts from their feed. Apart from allowing users to earn cryptocurrency, these blockchain-based social networking applications also help with information security, freedom of expression, and privacy. From the security perspective, blockchain-based applications enable end-to-end encryption for messages and allow users to have security rights on all information they access.

Conclusion

Blockchain-based social networking applications and platforms are probably the new future of social media. Its benefits focus on securing data and personal information by providing end-to-end encryption for all interactions, storage & device security, transaction verification, etc. They allow consumers to exercise greater control over their data, among other things.

About the Author 

Elbachir Haimoud is an information security and compliance officer at TÜRKKEP A.Ş. and is an experienced infosec professional with practical knowledge of application development, security, and penetration testing. Haimoud also has practical experience imparting his IT security knowledge to engineering students and cybersecurity aspirants.

The post Blockchain-Based Social Media Will Be More Secure appeared first on CISO MAG | Cyber Security Magazine.

By Stan Mierzwa, M.S., CISSP, Director and Lecturer, Center for Cybersecurity, Kean University

The following three predictions are just that, predictions, but in varying sectors of cybersecurity.  These include the potential for cybercrime, concerns about critical infrastructure, and a look to the future with emerging technologies that can be leveraged in information and cybersecurity.

Increases in cybercrime through ransomware events and incidents. Through the Federal Bureau of Investigation’s Internet Crime Report, an upward trend of ransomware events has been reported. In just the past three years, ransomware incidents have grown from 1,493 in 2018, 2,047 in 2019, and 2,474 in 2020. The numbers for 2021 are not yet available, but it is anticipated that the resulting number will increase.   In the past three years, there has been an increase of more than 65.7% of reported ransomware events with the FBI IC3 (FBI, 2020). 

Greater attention to protect industrial technology, partly through Industrial Internet of Things (IIoT) devices, to protect our critical infrastructure and supply chain functions. The use and value of industrial systems have gained interest in the past year, given some notable attacks on critical infrastructures, such as the ransomware attacks to the energy pipeline in the United States. Such attacks can have far-reaching health, safety, and substantial negative impacts on customers and the general citizen.

Incremental movements to integrate Blockchain technologies into resource identity solutions, information security, and cybersecurity-related products. One example of the innovation being approached related to the use of Blockchain, or Bitcoin specifically, surrounds the work by Microsoft with the open-source project called ION (Cuen, 2019).  The solution provides for a decentralized and permission-less identity system. There is no centralized repository of identity qualities for providing access with this product.  Regardless of this product, which has been under development for four years, if successful, it opens up the door to other potential critical applications that utilize Blockchain technology in actual use cases.

Also see:

How Blockchain Is Shaping Cyber Security and Causing Technology Disruptions for Global Enterprises

About the Author

Stanley Mierzwa is the Director of, Center for Cybersecurity at Kean University in the United States. He lectures at Kean University on Cybersecurity Risk Management, Cyber Policy, Digital Crime and Terrorism, and Foundations in Cybersecurity. Stan has over 15 published research publications and is a peer reviewer for the International Journal of Cybersecurity Intelligence and Cybercrime, Online Journal of Public Health Informatics and an Editorial Review Board member for the International Association for Computer Information Systems. He is a Certified Information Systems Security Professional (CISSP) and member of several associations, including the FBI Infragard, IEEE, and (ISC)². He is a board member (Chief Technology Officer) of the global pharmacy education non-profit, Vennue Foundation. Stan holds an MS in Management with a specialization in Information Systems from the New Jersey Institute of Technology and a BS in Electrical Engineering Technology from Fairleigh Dickinson University.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. 

The post Blockchain Technologies Will Be Integrated with Information Security and Cybersecurity Products appeared first on CISO MAG | Cyber Security Magazine.

By Srinivas B, Director and Head of India — Cybersecurity and Blockchain COE 

Investments in Blockchain technology are expected to surpass USD 15.1 billion by 2024, and the technology has been causing massive disruptions throughout different industry verticals. We’ve seen other technology trends making the news, but Blockchain is finally garnering the reputation it deserves.  

According to CoinDesk, over 82% of institutional investors said they would increase spendings on Blockchain and digital assets by 2023. Their reasons for expanding their crypto holdings included the diversification of assets, long-term capital growth, reduced exposure to market volatility, and improved regulatory environments. Blockchain is already being adopted outside the technology industry in healthcare, finance, food safety, and shipping. Supply chain traceability in the gemstone industry is seeing a unique application where the origins of gemstones are uncovered and provide evidence to consumers. Software development companies are making apps for clients, and with the increased use of Blockchain, we can expect the Blockchain market to grow at a CAGR of 69.3% during given forecast periods. 

What is Blockchain? 

Blockchain is a decentralized technology used for doing digital transactions via a distributed ledger. It works as blocks that store financial data about users, with each block being linked in a sequence. In a blockchain model, computational resources are shared among users as nodes connected via a peer-to-peer (P2P) network. As a Distributed Ledger technology, it has various applications and maintains records of cryptocurrency transactions such as Bitcoin, Ethereum, and many others. 

Worldwide Outlook of Blockchain Market 

According to global industry statistics, the blockchain market is forecasted to grow at a CAGR of 79.6% from 2018 to 2023. Industry verticals and players such as large and small SMEs will be the primary adopters of this technology, with Blockchain as a Service (BaaS) driving market growth exponentially in this segment. The rising popularity of blockchain is because of its nature of doing peer-to-peer digital transactions without having intermediaries in between. Data stored in blockchains are reliable, accurate, timely, and readily available. Numerous projects in media and entertainment, healthcare, agriculture, automotive, energy, eCommerce, and retail have benefited from its innovations. 

The COVID-19 pandemic has accelerated digital transformation for many companies, which means there is now an increased interest in digital ledger technology. The global blockchain market can be estimated to be valued at USD 39.7 billion by 2025. At least 25% of the Forbes Global 2000 will be using Blockchain as a foundation technology in their upcoming projects by 2025. 

Future Trends of Blockchain in 2025 

It’s clear that Blockchain will revolutionize all industry verticals and is a technology that can no longer be ignored. By 2025, we can expect to see traditional business models transition entirely to the Cloud and use these distributed ledgers to conduct financial transactions. 

The following is a list of the top future trends of blockchain for 2025 and beyond. 

1. Blockchain as a Service (BaaS)

Blockchain as a service is a new trend that allows businesses to create financial products using distributed ledger technology. BaaS models are cloud-based, and most digital products created using BaaS services do not require any setup, installation, or manual intervention. The introduction of blockchain to social media networking websites will ensure that public data stays secure, giving content creators rightful ownership of their data without letting it fall into the hands of platforms. Microsoft and Amazon are the two leading brands developing BaaS infrastructures and services for businesses. 

BaaS services will foster the creation of decentralized architectures and offer several applications. Cloud vendors are working towards bringing these services within reach of businesses who want to speed up project payments and automatically sign off contracts after their completion. AI and Machine Learning deployments in BaaS models will address bottlenecks faced during the increased adoption of these services. 

2. Interoperability of Blockchain Networks

Blockchain interoperability refers to connecting disparate Blockchains and building an ecosystem where different networks can communicate, sort of like a decentralized exchange center. A use-case of interoperability can transmit data from a Bitcoin block onto another network. 

Interoperable Blockchain blocks and their integration with existing systems will streamline transactions and make it easier to do mass deployments. “Hybrid connectors” is a concept being cited by the industry and is enabling cross-Blockchain communications. Blockchain interoperability is another why cryptocurrency usage is becoming mainstream. Blockchain interoperability benefits include multi-token transactions, improved scalability, data governance, and enhanced connections between various Blockchain networks. 

3. Investments in StableCoins and Logistics 

Blockchain’s reach is expanding by the day and apps are being built using the distributed ledger technology as we speak. Bitcoin is an example of a cryptocurrency that’s volatile by nature in the market. StableCoin is an innovation that’s currently in the works that address this. 2020 is the predicted year when they will experience an all-time high, and we can expect to see an upward trajectory for growth up to 2025 from there.  

The main types of stablecoins in the cryptocurrency market are fiat-backed stablecoins, commodity-backed stablecoins, and crypto-backed stablecoins. Investors will be buying more stablecoins and holding their money for more extended periods as these pose a low risk, offering stable returns on their investments. 

Stablecoins will also serve as the blueprint for real digital currencies meaning buyers won’t have to worry about their values being wiped out overnight, unlike other cryptocurrencies. 

Blockchain is being used to make cryptoasset exchanges and encrypt transactions using public and private keys. Many see Blockchain as a reliable transaction technology for making cryptocurrency transfers and exchanges with other individuals, verify them, and get rewards in the process. 

Blockchain can use its decentralized ledgers to combat the threat of personal identity security leaks and safeguard users. Cybercrime fraud comes in various forms and blocks can be used for encryption critical information such as social security numbers, birth certificates, identity cards, etc. Data silos and a lack of transparency are key challenges faced by the logistics sector and enterprises can leverage Blockchains to solve them by automating processes and validating data sources. 

4. Tokenization

Tokenization is the process of converting a physical asset such as an object, painting, or real estate (anything of value) and representing it as digital coins. Asset tokenization is an emerging trend in the Blockchain world and gaining quite a traction. Converting real-world assets into tokens and helps divide the rights of assets among various owners. Non-fungible tokens will foster digital scarcity and prevent assets from being replicated or copied, which means owners acquire exclusive digital rights to their assets. 

There are many benefits to Blockchain tokenization, such as increased liquidity, lack of third-party involvements, user anonymity, improved immutability, etc. Real-estate tokenization is one of the hottest trends, and many platforms are helping businesses access, exchange, and trade with tokens without compromising on legal compliance. 

5. Revolutionizing Financial Services

The financial industry is one of the early adopters of this technology, and there are many banks, NBFCs, and fintech corps are recognizing its value. Banks are finding that Blockchains help create more secure networks for conducting digital transactions and customers prefer to invest and trade with cryptocurrency. 

A recent report by CB Insights revealed that blockchain-based decentralized ledgers would enable customers to make faster payments, pay lower processing fees, and complete transactions in real-time, a seamless experience. Smart contracts drafted will eliminate third parties and make finances more decentralized in the coming years. Blockchain smart contracts allow parties to execute exchanges when “distributed conditions “are met and streamlines transactions automatically. More than 77% of financial institutions expect to adopt Blockchain technology entirely by 2021, and Gartner predicts that the banking industry will generate up to $1 million through blockchain-based digital transactions during 2021. Digital payments are the future, and there is a possibility that governments will be implementing this technology for effective data governance and management. 

Why Blockchain Trends Are Paving the Way for Companies? 

Immutability is the most significant factor behind increased Blockchain adoption, and since data in chains cannot be corrupted, they are essentially tamper-proof. Supply chain operations are becoming globalized, and that’s another segment where Blockchain trends are emerging. All nodes are linked to a ledger, and when edits are made to a single node, changes done to previous ones get verified and validated. This makes it impossible to alter data without verification, and entities cannot get away with data fraud/theft this way. 

Suppliers, distributors, and clients do not have to interact about every simple transaction, and nodes can update ledgers automatically. The growth of IoT (Internet of Things) is helping the latest Blockchain trends keep up with enterprises and is making data security increasingly sophisticated or complex. The merger of Blockchain and IoT makes machine-to-machine transactions possible, and smart devices can run thanks to their amalgamation autonomously. 

Edge computing is also being combined with Blockchain technology, allowing enterprises to reduce costs, transfer data, and not fall prey to cyber attacks as there are no centralized data repositories. Peer-to-peer Blockchain networks help organizations protect their networks and devices from botnet and DDoS attacks, ensure data privacy & security, and make devices in every network independently secure, which is another driving factor behind the emergence of the latest Blockchain trends.  

Digital companies can take advantage of Blockchain technology and address concerns related to data compliance, privacy, and security by mixing AI and Machine Learning. Blockchain mobile apps are enhancing the P2P transaction experience and verifying cross-border digital payments. Quantum computing is being impacted with the technology as ledgers are used for making data unchangeable and tamper-proof. Complex mathematical equations can be processed instantly for linking public and private keys which makes quantum computers hack-proof and not exploitable. 

The adoption of Blockchain is slowly becoming widespread. In the future, we can expect greater security, more data transparency, and a large volume of financial transactions being processed using this technology. 

References: 

1. https://lnct.ac.in/future-of-blockchain-technology-by-2025/ 
2. https://www.globenewswire.com/news-release/2020/06/18/2050049/0/en/Worldwide-Blockchain-Industry-to-2025-Get-In-depth-Insights-on-Your-Competitor-Performance.html 
3. https://searchcio.techtarget.com/feature/7-must-know-blockchain-trends 
4. https://www.forbes.com/sites/bernardmarr/2021/03/12/the-six-biggest-blockchain-trends-everyone-should-know-about-in-2021/?sh=1cff4ab36631 

About the Author

Mr. Srinivas B is a trained multi-dimensional professional with more than 20 years of experience in several fields such as Technology Consulting & Architecting, Product Development, Practice/Project Management/Pre-Sales in AWS, Azure, Google & Oracle Cloud Computing, Blockchain & IoT, and AI/Data Science Technologies. He has gained knowledge in several domains and holds various certifications titles such as Certified Project Management Professional – PMP, Certified Microsoft Azure Solution Architect, Certified Blockchain Solution Architect – CBSA, Certified Blockchain Expert – Blockchain Council, Certified Corda/R3 Developer, Certified IBM Cloud Solution Architect, etc. 

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

The post How Blockchain Is Shaping Cyber Security and Causing Technology Disruptions for Global Enterprises appeared first on CISO MAG | Cyber Security Magazine.

Blockchain holds the solution for most information security, transparency, integrity, and trust challenges. With such developments taking place in the digital environment, it is imperative for business and blockchain enthusiasts to understand the impact of emerging technology in the industry.

To understand the trends and challenges involved with integrating blockchain-based technology with their supply chain, CISO MAG, in collaboration with EC-Council’s CBP (Certified Blockchain Professional), conducted the survey “Global Blockchain Impact.” The market report inquiries professionals and leaders from institutes that have or are in the process of implementing blockchain-based solutions tailored to their business needs.

The survey aims to assess the state of the integration process through enquiring the state of associated elements such as skill employment, budget, business impact, use case, challenges, standard practice, solution development, etc.

Key Findings

• Nearly 40% of the respondents are investigating blockchain implementation possibilities.
• Nearly 35% of the organizations have developed budgets for blockchain-based solutions.
• According to more than a quarter of the respondents, the banking industry stands to gain the most benefits.
• Nearly 42% of the organizations lack skilled cybersecurity professionals with experience in securing blockchain-based architecture and assets.

To view the complete analysis and reportage, hit the download button now!

 

Check out our other Market Trends Reports here.

 

The post Market Trends Report: Global Blockchain Impact appeared first on CISO MAG | Cyber Security Magazine.

By Karim El Chenawi, CISO, John Doe Invest

Today, we’ll look at how Artificial Intelligence and Blockchain will dominate the technology industry, their various use-cases, and how companies can succeed in staying protected from multiple threats by taking advantage of these trends. Enterprises over public blockchains favor private blockchain networks, and AI models can classify, analyze, and gain insights from financial data. Together, blockchain AI will form a collaborative learning model that assures the trustworthiness of data being shared, ensures its integrity, and makes it convenient for users to extract and share insights, thus ensuring that transactions and the information associated with them are thoroughly validated. Microsoft researchers are working towards making considerable advancements in the Blockchain AI domain to make their innovations more accessible to everyday devices, apps, and IoT networks.

Future of Artificial Intelligence

Investments in Artificial Intelligence technologies are expected to rise by $97.9 billion by 2023, and since the COVID-19 pandemic, the valuation of the AI industry has grown. AI will become increasingly prevalent as organizations will work towards automating day-to-day processes from the supply chain to core business functions. AI will also play a significant role in adopting Cloud technologies by enterprises in 2021, and AIOps providers will help business leaders improve their decision-making processes.

Artificial Intelligence is one of the fastest-growing domains that deal with intelligent machine learning models to automate repetitive tasks and mimic human cognitive thought patterns when analyzing and processing them. With RPA and Deep Learning, organizations will use AI to solve global challenges and foster a data-driven culture that emphasizes producing sustainable deliverable models.

Blockchain Industry Outlook

Blockchain is a decentralized technology used for storing and transacting digital assets by both individuals and organizations. BaaS (Blockchain as a Service) is an emerging technology trend used by start-ups and enterprises to develop cloud-based digital products/services. Federated blockchains are rising in popularity, and the industry outlook shows that “stable coins” will reach an all-time high as a driving force for the top cryptocurrencies in 2020. According to the Blockchain as a Service Market, the market size for BaaS is estimated to reach a valuation of USD 15,455 million by 2023 and grow at a CAGR of 90.1% throughout the forecast period.

How Blockchain Works

Blockchain features multiple blocks and uses three key elements:

• Data contained within the blocks
• Nonce, a 32-bit whole number
• Hash, 256-bit number

Every time data is input into blocks; a nonce is generated. The nonce is tied to a Hash which is used for locating these blocks. The mining process is what’s referred to as accessing blocks in a chain and withdrawing the cryptocurrency. Over 4 billion nonce-hash combinations make it impossible for hackers to guess the unique nonce and find the relevant block. Every block in a blockchain references the previous block, which means miners have to go through all the blocks to find the ‘golden nonce.’ Changes in blocks must be accepted by all nodes in the network before the currency is mined successfully and withdrawn.

Benefits of Combining AI and Blockchain Technologies

Industry leaders in healthcare, finance, government, etc., such as Synapse AI, Ocean Protocol, Enigma, and Numerai, are exploring combining AI and Blockchain to disrupt the technological landscape. Many businesses are already experiencing the benefits of enhanced scalability, traceability, increased efficiency, lower running costs, and smoother operations by simply blending these two tech trends.

Greater Transparency and Increased Security

Blockchain is a type of distributed ledger that offers users more transparency on their digital transactions. Changing a single record would mean making changes to subsequent documents, and this is what makes Blockchain technology so powerful. Only a shared copy of the ledger is distributed to participants in the network. When Artificial Intelligence is combined with blockchain, it results in the creation of “smart contracts.”Smart contracts contain code that executes automatically to simplify business transactions and ensure that pre-defined criteria for agreements are met before crypto trades take place. They are used for making intelligent digital financial arrangements such as insurance policies, legal contracts, crowdfunding agreements and are considered a reliable medium for the exchange of Ethereum. Essentially, by leveraging AI and blockchain, smart contracts take out the middle-men for forming agreements between parties and make trades a lot more seamless.

Smart contracts write down the terms and conditions of agreements between buyers and sellers directly into the code. SingularityNET is a platform that provides hardware and software services through AGI tokens in exchange for adding AI services by users.

Improved Financial Audits

Companies like Walmart enter vast volumes of transaction data into AI systems for review and processing. Blockchain helps in analyzing this information on a datapoint-to-datapoint basis which yields a high level of accuracy. When records are processed in the correct sequence, there is greater confidence in their integrity, reliability, and users don’t have to worry about the possibility of tampering. Blockchains are used in the financial decision-making process by companies and help in the investigation of various transactions, thus preventing duplication, identity thefts, and fraud. 

Efficient Mining

Blockchains consume vast amounts of computing power for managing blocks on “stupid” computers and use hashing algorithms to mine data. When AI is used in conjunction with Bitcoin blockchains, it prevents the need for using ‘brute force,’ approaches for figuring out the combination of characters until one fits in and authenticates the transaction. AI adds intelligent processing for code-breaking blocks and can instantaneously encrypt or decrypt blocks by being fed the proper training datasets. 

Reduced Costs 

Businesses focus on reducing costs while sustaining operations in different industry verticals. Blockchain eliminates the need for intermediaries for drafting contractual agreements while AI automates and speeds up data processing. Together these two technological trends reduce the need for paper-based document storage, and since everyone has shared access to records, it makes it easier to view and manage them. There are no discrepancies in these records, and all the information shared across gets fact-checked and validated.

How Blockchain and AI Augment Each other

Blockchain is a technology used for protecting financial data from cyber thefts, and AI helps services make intelligent decisions when it comes to processing requests and ensuring data security. Many industries use a blockchain because of its secure infrastructure and how well it intertwines with machine learning algorithms to process huge volumes of transactions.

AI and machine learning algorithms converging with blockchain would mean businesses are enjoying more excellent encryption, better performance, and precise decision-making. Here is a list of key applications offered by AI and blockchain.

Increased Computing Power

AI helps in boosting computing resources and power when converging with Blockchain frameworks. Blockchain provides the necessary infrastructure, but organizations require enormous computing power to manage data flow in real-time and access records.

Improved Credibility

Businesses that are hopping onto the convergence of Blockchain and AI are enjoying improved credibility amongst consumers. Brands investing vast amounts into these merger technologies find that they are experiencing greater returns on investments.

Reduced Hacking

Blockchain technology offers tremendous benefits for user privacy, and by converging with AI, it helps prevent illicit digital activities. AI algorithms benefit from getting trained using large datasets and use blockchain to encrypt and optimize business frameworks, thus making transactions or exchanges very secure.

What the Future Holds

As we head towards the future, Blockchain and AI will play a vital role in automating crucial processes across all major industries. Understanding and evaluating the needs of businesses and harnessing enough raw computing power for conducting intelligent automation will be the focus of modern technological evolution. Just as computing power is needed for faster automation, so is a technology like Artificial Intelligence for quicker and more accurate analysis, including deriving insights from large data sets. Organizations are spending upwards of $4.4 billion in 2020 on the blockchain, and global investments are expected to cross $19 billion by 2024. A majority of business respondents report they plan to invest a minimum of $1 million into these distributed ledgers.

Cryptocurrency mining of Bitcoin and Ethereum dominates the Blockchain segment, and many believe that more cryptocurrencies will be mined in the future. Blockchain has the potential to digitize traditional monetary transactions and ultimately make businesses go paperless and virtuous. AI and Blockchain add trust to these transactions and enhance security. Hence companies are increasingly investing capital funds in blockchain AI technology to fuel market growth. The global AI industry is forecasted to grow to $703 million by 2024 at an annual CAGR of 25.3%.

Conclusion

To summarize, the convergence of Blockchain and AI will improve concerns related to user privacy, management, security, and reliability of information shared across IoT systems. Blockchain AI will dramatically address the limitations faced by businesses when streamlining their digital operations and support increased scalability. The more data fed into AI algorithms, the better they become at their work, and the anonymity of Blockchain transactions is what makes combining these two trends so powerful. In the future, companies will be working towards updating legacy systems using these merger technologies and make extensive upgrades to how they store, manage, and share data across centralized servers through Blockchain AI integrations.

About the Author

Karim El Chenawi is an information security specialist with more than 14 years of experience in the online gaming and e-commerce industry. He has profound knowledge of security governance and hands-on experience with corresponding technical details. He is both a specialist and a generalist having had technical as well as strategical roles such as security consultant and Chief Information Security Officer, and he has broad experience of working in a highly regulated environment.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

The post How Blockchain and AI will Promote Industrial Growth: An Overview appeared first on CISO MAG | Cyber Security Magazine.

By Rajiv Sharma, Vice President, EXL Service

Building a Strong Cybersecurity Workforce

Raising public awareness about cybersecurity career starts with understanding the new skill requirements and demand to build a strong cybersecurity workforce by the organizations. With the rise in sheer volume and diversity of cyberattacks, organizations are looking to bring effectiveness and efficiency in securing, testing, and continuously monitoring their digital assets. Automation of processes and up-skilling the task force are the need of the hour. This has led to a sharp increase in the demand for cybersecurity skills. Emerging technologies such as cloud computing and storage, IoT, blockchain, etc., have further increased skill demand due to the integration of technologies with the business processes, leading to a new attack surface for malicious users and hackers to target. Hence, hiring the talent to maintain and manage security posture has become equally important as having a robust architecture in place for information security.

See also: How to Learn Ethical Hacking from Scratch and Start Your Career

For organizations building a workforce involves planning, implementing, and assessing the cybersecurity readiness of their security workforce. Prior to establishing a workforce, organizations need to determine their risk exposure and risk tolerance, which influences the need to address their cybersecurity workforce gaps. The NICE framework for the cybersecurity workforce provides guidance to organizations on how to recruit cyber talent and develop professional opportunities for their cyber workforce.

Cybersecurity Career Demand and Opportunities

Cybersecurity roles are among the fastest-growing career opportunities available in the STEM field. The U.S. Bureau of Labor Statistics (BLS) jobs will grow 31% by 2029, which is seven times greater than the U.S. average growth rate for jobs. Hence, indicating that information security will be in demand as technologies keep evolving alongside the growth in cyberthreat. It could be safely assumed that the growth of cybersecurity jobs will be proportional to the increase in volume and diversity of the cyberattacks, which by the way, have grown over 50% since 2020 and are estimated to cost the world $6 trillion annually in 2021.

Hundreds of breaches each year and the loss of millions of records have tremendously increased the demand for information security posture and professionals to maintain it. The global pandemic has further boosted threat incidents, with reports highlighting the rise in cybercrime by 600% in the Asia Pacific alone due to its impact. This displays the fragile nature of the current security posture that is susceptible to different threat factors. To combat such malicious cyber intent, businesses need the assistance of professional expertise. Hence, making it is imperative for organizations to foster cybersecurity skills and talent alongside efforts for implementation of rigorous cybersecurity awareness programs, prevention and detection controls, and best practices. Multiple studies have indicated that security job roles and skills related to application development, cloud computing, incident handling, threat intelligence, risk management, security compliance and governance, data privacy, identity and access management, etc., are expected to grow the fastest in the near future.

Cybersecurity Career Pathways

There exist multiple job roles and career pathways for cybersecurity aspirants to choose from and pursue. In the era of Digital Transformation, emerging technologies and the constantly evolving digital security industry further add to these pathways that could be roughly be categorized in broad skillsets viz management, technical, and leadership.

• Management: The security management category deals with tasks and roles associated with compliance and governance within the security posture. This area tends to be less technical, but it is, nonetheless, important for professionals in these positions to know the technicality behind cybers risk in order to manage them better. The roles and responsibilities in this domain call for the need to be business savvy and got skills programmatically manage the organization’s security posture. Awareness training, audits, compliance, IT risk management, including third-party risk management, project management, etc., are some of the functions involved with these roles.
• Technical: As suggested, this pathway covers more technical roles such as diving deep into technicalities of systems, data, tools, networks, hardware, software programming, etc., with an aim to detect, prevent, respond, and mitigate cyber threats. These skills are essential in deploying cybersecurity solutions in an organization. Some of the prime roles of pathways could be listed as in the figure below.
• Leadership: This position is of extreme importance as this connects security goals to that of business processes, hence playing a critical role in the success of the business. Some of the widely popular roles in this domain include CISO (Chief Information Security Officer), directors and managers, which includes thorough leadership skills at all levels.

The career pathway listed could be an exciting journey for aspirants as the entry to the security domain could be considered as interdisciplinary, i.e., any pathway or combination of roles could be adopted based on the market demand. As there is no set pathway, choosing accordingly helps individuals gain exposure to various technologies and processes, hence allowing them to work with what they are most comfortable to adopt rather than what is available in the mainstream. One skill set which is need of the hour and common to the above-listed areas is the aptitude to adopt automation i.e., to automate manual or repetitive processes through deploying Artificial Intelligence, BOTs, ML, or BIG Data.

The Untapped Potential of an Underrepresented Population

Diversity is the need of the hour, as a diverse team is most likely to make better business and security decisions compared to a non-diverse one. Workforce development frameworks should accommodate and promote increased participation from women, veterans, persons with disabilities, minorities, and other underrepresented populations. Diversity is purposeful and should be voluntarily worked upon and be committed to by organizations aligned to their business goals. Organizations should be mindful that any security initiative or operation should involve equitable representation of the underrepresented groups. A number of organizations are running with various diversity programs and conscious efforts have been made to tap cyber talent, to name a few WiCyS, NCI’s IWICS, Palo Alto, Purdue, EC-Council, Fortinet, Facebook, etc. Such organizations aim to increase the representation of women and veterans in cybersecurity, through various training and sponsorship opportunities.

Conclusion

With cybercrimes growing multifold in volume, the demand for corresponding cybersecurity skills is also increasing exponentially. The statistics suggest that cybersecurity careers will be in high demand in the upcoming decade, and may grow by 31% in the U.S alone. This provides individuals in both STEM and other fields to pursue a career in cybersecurity.

About the Author

Rajiv Sharma is currently the Vice President of EXL Service and has more than 25 years of experience in information technology, cybersecurity, information security governance and compliance, and disaster recovery and business continuity planning. His wide range of experience involves the identification of cybersecurity risks in an ever-changing cyber threat landscape, as well as designing/recommending, and implementing/establishing control environments to mitigate the risks. Rajiv has in-depth, hands-on experience in the field of cybersecurity risk and implementation across multiple industries like fast-moving consumer goods (FMCG), automobile, telecom, manufacturing, retail financial services (banking and capital market), insurance, and ITeS.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

The post Cybersecurity Career Awareness: The Growth of Cybersecurity in IT Industry appeared first on CISO MAG | Cyber Security Magazine.

Ransomware Attacks in India Decline

According to Sophos, there has been a drop in ransomware attacks this year, compared to the previous year. The Sophos survey also highlighted that 67% of Indian organizations whose data was encrypted paid a ransom to get back their data compared to last year, when 66% paid a ransom.

The Sophos report states, “In fact, Indian organizations were the most likely to pay a ransom of all countries surveyed: the global average was just under one third (32%).”

While ransomware attacks in India saw a dip this year, various research reports show that attackers are taking a more targeted and organized approach. There are new vulnerabilities; zero-day attacks are now common. Ransomware hackers have now zeroed in on blockchain, cryptocurrencies, and cryptocurrency exchanges. EC-Council’s Cyber Research cell will be releasing a report on this next month.

According to the Microsoft Security Endpoint Threat Report 2019, Asia Pacific continued to experience a higher-than-average encounter rate for malware and ransomware attacks – 1.6 and 1.7 times higher than the rest of the world, respectively.

India registered the seventh-highest malware encounter rate across the region, at 5.89% in the past year. This was 1.1 times higher than the regional average. The report also found that India recorded the third-highest ransomware encounter rate across the region, which was two times higher than the regional average.

This was despite a 35% and 29% decrease in malware and ransomware encounters, respectively, over the past year.

Cryptojacking Attacks Increasing

The Microsoft report states that crypto-hacking, malware, ransomware, and drive-by download attacks have high cybersecurity challenges in India. In fact, India recorded a cryptocurrency mining encounter rate that was 4.6 times higher and drive-by download attack volume that was three times higher than the regional and global average.

It’s a well-known fact that millions of Indians have taken to cryptocurrency trading via hundreds of exchanges around the world. And since cryptocurrency is linked with ransomware, it’s not surprising that new attack vectors like crypto-hacking, cryptojacking, and illegal cryptomining are picking up in the region.

Cryptocurrency is generated through crypto mining, which requires a lot of computing power. During cryptojacking attacks, the victims’ computers are infected with cryptocurrency mining malware, which enables criminals to leverage the computing power of victims’ computers without their knowledge, to mine cryptocurrency. Pro-Ocean, which was discovered by Palo Alto Networks, is an example of cryptocurrency mining malware.

New Vulnerabilities Found

In its Q2 Index Update, Cyber Security Works reveals new vulnerabilities in the ransomware arsenal. Its research shows that six vulnerabilities have become associated with seven ransomware strains; among them are the infamous Darkside, Conti, FiveHands, and the newly christened, Qlocker.

“With this update, the total number of vulnerabilities associated with ransomware has increased to 266. We have also noticed a 1.5% increase in the number of actively exploited vulnerabilities that are trending currently, reiterating that a risk-based approach for the remediation of vulnerabilities is the need of the hour.

One of the most compelling observations during this quarter was the exploitation of zero-day vulnerabilities even before vendors published their discovery or released patches,” said Ram Movva, Chairman and Co-founder of Cyber Security Works.

More Targeted Attacks

Another trend we observe is that the attacks are getting more targeted. Going forward you can expect to see attackers going after niche sectors rather than trying to pull off large scale attacks on everyone.

“Ransomware threats actors have been constantly evolving their tradecraft to increase the odds of the ransom payment. The most infamous ransomware variants such as WannaCry, NotPetya were more of opportunistic attacks than targeted. However, the ransomware incidents and attacks from 2020 and 2021 are much more focused, planned, and targeted and are becoming ‘Human-Operated’. They leverage known information such as vulnerabilities/ stolen credentials/ phishing attempts to launch initial attacks. These newer ransomware variants are also including ‘cyber extortion’ angle in the mix along with ransomware rendering the data backups/ restoration controls implemented by organizations less effective,” said Prateek Bhajanka, Sr Principal Analyst, Gartner.

He continued, “In many cases of ransomware incidents, the encryption of data may not even occur, and the threat actor would issue a ransom note saying, we have stolen your regulatory, client and other sensitive information, here is the sample, and if you don’t pay, we will also encrypt your data. The ransomware threat actors are going to various lengths to increase the odds of the payment and even resorting to launching/ threaten a DDOS attack if the organization doesn’t pay, called ‘Triple extortion attacks'”.

Bhajanka also said there will be an increase in the volume of attacks due to emergence of Ransomware as a Service (RaaS) in the dark web, which makes it much easier to target specific organizations. He said the attacks are going to be directed at specific industries.

“In 2020, Healthcare and Pharmaceutical industries were the most sought-after targets and now we are also observing increase in attacks in Retail and education sectors. Alongside, the threat actors are targeting the technology service providers such as Managed service providers (MSPs) and Managed Security Service Providers (MSSPs) to use them as a vector/pivot to large number of victim organizations,” he added.

The post Indian Organizations Among Most Targeted for Ransomware; Most Pay Ransom appeared first on CISO MAG | Cyber Security Magazine.

By Rahil Karedia, Global Head – Threat & Security Intelligence and Security Advisory, Network Intelligence, Inc.

Cyberthreat has been in existence since the early stages of communication and is evolving since then with the subsequent development of technology. From Landline hacking in the 1970s to cryptojacking in 2021, cybercrimes tend to become more and more sophisticated with time. With every passing decade, the technological society and cybersecurity professionals find themselves amidst highly coordinated and relentless attacks on digital assets and infrastructure, where the existing solution or defense either fell short or was not scalable enough for the implementation of emerging technology.

The 50s ad 60s

Cyberthreats in the Pre-millennial era looked completely different than what we know or imagine today. Even before the internet was introduced, cybercrimes were being conducted through targeting telecommunications. The fact that people could reach out to other people over a large distance while being unseen.

Landline Hack: Throughout the 1950s and 60’s the wired telecommunication technology was booming, and landlines were available in the majority of households across developed countries. This decade also marked the onset of the first digital-based crime known as “Phreaking,” where the perpetrators exploited the tone system used in telephone networks [1]. The episode dates back to the late 1950s, where a group of phreaks, a short form for the term “Phone Freaks” [2], decided to hack telephone networks by making unauthorized and unauthenticated long-distance phone calls by reverse-engineering the tones used by the telephone organizations. They also set up special party lines to help other fellow phreaks. Perpetrators often impersonated officials, an extensive search of the Bell Telephone company garbage to find any secret information or data, and experimented on the early telephone hardware to learn how to exploit them meticulously, which results in free long-distance telephone calls [3].

The 70s

“The introduction of computer virus”

The decade of over-the-top fashion and new genres of music also saw a new change in the digital landscape. Though research on self-replicating programs was in progress since the ’50s, the first practical implementation, i.e., a computer virus attack was seen in the early 1970s [4]. Bob Thomas, an engineer at BBN Technologies, wrote an experimental self-replicating program, which could move between computers connected by the ARPANET — the technical foundation of the internet [4].

As it could move from one system to another, it was termed as ‘Creeper,’ and while coping itself to the remote system of the 33 ASR teletype model, it left a message that read: “I’M THE CREEPER: CATCH ME IF YOU CAN,” [5]. The techniques which were used in the Creeper were later used in the McROSS — Air traffic simulator to allow certain parts of stimulation to move across the network. The invention of Creeper was soon followed by the development of its enhanced versions. Ray Tomlinson later coded an enhanced version of the Creeper and also went on to write a program called the Reaper, which moved through the ARPANET removing the existing copies of the Creeper.

With the trend of developments and enhancements that defined this decade, programmers with malicious intent for destruction began to emerge, and soon various other viruses were coded and deployed. One of the progenies of such a trend was the rabbit virus that came to light in 1974. This virus is also considered by some as the foundation to early malware, as it was coded to self-replicate until the system crashed [6].

The 80s

The decade that was witness to the birth and propagation of personal computers and wireless telecommunication was also witnessing a prominent growth of destructive viruses. In the same year of 1981, when IBM released its first personal computer, a ninth-grader from Pittsburgh wrote a program called “Elk Cloner” that attached itself to Apple DOS 3.3 OS and was designed to be activated on its 50^th use. This was the first virus to appear in the wild and was spread through the mean of the floppy disk.

The term ‘Computer Virus’ was coined by Leonard Adleman, and research termed “Computer Viruses – Theory and Experiments” was first published by his student Fred Cohen in 1984. With the passing years and constant evolution of technologies, viruses started becoming more sophisticated and destructive every year. In 1986, the PC platform was struck with the first-ever “Global epidemic” called the “brain virus,” as the internet was connecting many systems across the globe, hence, scaling up the spread of the virus. The propagation of the brin virus depicted the lack of security of the systems and was followed by the Vienna virus in the 1987’s, the first-ever virus which was meant to destroy the data.

This decade saw the actual rapid evolution of computer viruses that began to be classified into different categories based on their behavior, such as worms, trojans, etc., that developed with time. The first-ever worm— Morris Worm, was released in November 1988 by Robert Tappan Morris. Morris wasn’t aware of his creation as to what capabilities it held, as it was not designed with an intent of malice. In 1988, the Morris worm, which replicated itself soon with time, evolved into the world’s first large-scale Denial-Of-Service (DOS) attack. It spread through the world and brought many organizational servers and personal computers to a halt. Though Morris released the solution soon enough, for shutting down the program, severe damage caused by the worm was already done and evident. Morris was prosecuted and charged with violating the Computer Fraud and Abuse Act in 1989 [8].

Ransomware attacks first became known to the public in 1989, where the “Aids Trojan” was used to hide files. It was written by Joseph Popp and coded so that the files were encrypted with their names and, when done, displayed a message that stated: “User license to use the software has been expired.” The victims were asked to pay 189 dollars to the PC Cyborg Corporation to receive the repair tool that decrypted the encrypted files [9]. Though this was not considered extremely damaging as encrypting files with names backfired and was easy to restore, this gave rise to the idea of extortion through encryption which soon caught on. Since then, ransomware attacks have evolved and have become more sophisticated, as seen in recent times. Ransomware has grown to be the biggest cyberthreat in today’s time.

On the positive side, this decade witnessed the rise of cybersecurity, with many antivirus products becoming commercially available in the market. Many businesses targeting this market emerged around this period, which includes renowned cybersecurity giants such as Avast, McAfee, etc.

The 90s

As the world went online through the boom of the internet, this decade witnessed the first polymorphic viruses that replicated themselves while the original algorithm was intact in order to avoid any kind of detection.

As organizations began to digitalize and incorporated this into their marketing strategy, i.e., providing free disk, this gave malware a platform to spread further. By 1996 many viruses evolved like the stealth capability, polymorphic viruses, macro viruses, etc. They kept multiplying and spreading in the wild in such a way that by 2007, there were more than five million viruses and malware [7].

Towards the end of the 1990s, emails were a booming trend, and almost everyone with a system and internet connection possessed an email-id for themselves to communicate with ease. This became one of the most popular platforms for threat actors to spread malware and spam. Phishing attacks made the most use of this platform to trick victims into providing sensitive information or downloading malicious attachments.

In 1999, the Melissa Virus surfaced, which initiated the victim’s system via a Word document. It emailed copies of itself to the first 50 email addresses in Microsoft Outlook. It is still one of the fastest spreading viruses, which caused a damage of 80 million dollars to rectify and fix the damages.

The Turn of the Century

AS time progressed, viruses started becoming more progressive and sophisticated, which was evident throughout the 2000s. Numerous viruses came into existence, targeting specific functions of the system via the internet, network, and techniques, ranging from keystroke logging to advanced ransomware attacks.

The Distributed Denial of Service (DDOS) was the epitome of network-based attacks, as the world noticed a breakpoint in Feb 2000, where a series of DDOS attacks surfaced when a 15-year-old Canadian hacker known as the “mafia boy” mounted and executed the DDOS attacks which targeted the e-commerce websites (including Amazon and eBay). The attack led to a loss of 1.7 billion dollars and forced organizations to shut down their websites to regulate legitimate traffic flow.

With the start of the 2000s, a new era of malware emerged as emails were seen as exploitable access points for the perpetrators, who aimed at causing more destruction. The ‘ILOVEYOU’ worm infected nearly 50 million systems which corrupted the data and self-propagated itself by exploiting the victim’s email contacts. This gave an insight into how cybersecurity was crucial and the necessity for all systems to have antivirus software installed to safeguard their systems and data.

The 2000s came to be known as the carding era [10], where digital cash was still a new thing, and people using their Debit Credit cards to purchase various items online. With people relying on the internet for various purposes and digital transactions becoming a trend, Carding attacks increased. Speculations started with the Russian carding forums and marketplaces used by the perpetrators to steal card details and utilized sensitive information for multiple purposes like identity theft and phishing attacks. Cardholders who often used e-commerce platforms were susceptible to carding and phishing attacks, allowing perpetrators to access sensitive information critical to their personally identifiable information (PII). The stolen details were often sold to other criminals or put on sale on various hackers’ platforms and the dark web. The stolen details are often used to make new, fake cards. One such website was the CarderPlanet, founded by Golubov D.I. et al. in the year 2001.

The Twen’tē-tens

Data breaches soon became the center of attraction for the information security landscape due to the emergence of various malware attacks in the decade. In contrast to the previous era where the threat landscape saw the evolution and drastic changes occurring in the time frame of few years, the 2010s and the subsequent decade would see a change in trend every year. There were not any notable novel cyberthreats in this decade, but the development in the existing threat and attack vectors, and their aspects such as mode of dissemination, target, counter anti-cybercrime strategies contributed to the exponential growth of the threat landscape. As time passed by, various new attacks were witnessed with the bypassing years like [10]:

• The year of the data breach – 2011
• The post PC era – 2012
• The year of online banking threats – 2013
• The year of cyberattacks – 2014
• The year of botnets – 2015
• The year of digital extortion – 2016
• The year of global ransomware outbreaks – 2017

This decade saw numerous organizations become victims of data breaches and malware attacks. Especially the initial years were known to be the most challenging for organizations and cybersecurity professionals as the victims of data breaches lost reputation due to the loss of confidential and sensitive information and bore resulting financial burdens and losses towards stabilizing the situation and fixing the damages. Conditions were adverse where organizations like RSA and Sony Play Station had no other options other than disclosing the details and facts about the attack against their organization to assure their customers that proper mitigation steps are taken to resolve the issues.

After initial years the digital data and online presence of users started to move away from personal computers and towards mobile and virtual machines. This change is marked as the post-PC era and also noticed a significant rise in the cybercrimes focused on Android platforms, social networking sites, cloud, etc. As it took less than three years for android devices to reach the threat level of the PCs, which took nearly 14 years for the same, mobile-based cyberthreats and attacks rose in recognition.

The Twen’tē-20s

The future of cyberthreat is projected to be similar to that of the previous decade, where the existing threat vectors and attacks will be developed upon with unique implementation across emerging technologies such as the Internet of Things (IoT), cloud computing, and virtual machines, and blockchain technology. Attack vectors such as phishing and social engineering are here to stay, and the cybersecurity experts do not see them going away any time soon.

Apart from this, the IoT and blockchain technology has given rise to a new form of threat known as crypto-jacking. Crypto-jacking is an evolved form of botnet attacks and is an attack carried out by perpetrators who gain unauthorized access to the victim’s devices (PCs, Tablets, Mobiles, serves of an organization, etc.) to mine cryptocurrencies. Cryptocurrency is digital or virtual money in tokens or coins based on blockchains, and Bitcoin is one of the most popularly known cryptocurrencies. The main of crypto-jacking is to benefit from crypto mining without bearing the vast costs (mining hardware, high electricity costs) of the mining process [11]. Cybercrimes related to cryptocurrencies are seen from 2009 till date, but the cryptocurrency sector is booming, and many individuals investing in cryptocurrencies (especially the ones that have larger values such as bitcoin) have drawn the attention of many attackers. It embeds itself on the victim’s device and uses its resources to mine cryptocurrency.

Conclusion

Cybercrimes have evolved drastically! And malicious use of programs and exploitation of vulnerabilities has greatly modified the cybersecurity landscape. From small viruses that were created as pranks to their use as a threat evolved with time and then scaled to spread across the globe with change from ARPANET to the internet. With the introduction of platforms such as email, networks, cloud, IoT, blockchain, etc. that connected people and data across the globe with lightning speed, the attackers were on the run to create the perfect virus, malware, and other attacks which would compromise on the authenticity, integrity and the confidentiality of the data and cause great harm to the victim and systems.

With the development of technology and integration of security standards, attackers pushed themselves to be a step ahead and create advanced malware, trojans, ransomware, and protocols and procedures that successfully bypassed the security mechanisms. This has been a recurring stance since the technology started developing. Cybercrimes, like cybersecurity, are a forever developing and evolving process. Perpetrators are constantly working on building sophisticated threats, malware, etc., on infiltrating the prevalent and upcoming security measures. It is essential to enhance security measures and protect ourselves from becoming a victim of the ever-growing cybercrime.

About the Author

Rahil Karedia, Global Head – Threat & Security Intelligence and Security Advisory, Network Intelligence, Inc. Rahil is a trusted, responsible and knowledgeable cyberspace veteran with more than five years of experience in operational security domains such as Security Operations Centre (SOC), Threat Intelligence (TI), Threat Hunting (TH), and Incident Response (IR). He is currently leading Threat Intelligence, Security Intelligence, and Security Advisory services.

He has assisted corporate, government, and defense customers from diverse industries (Banking and Finance, Healthcare and Insurance, FinTech and Biotech, Oil and Gas, Power Grid and Nuclear Facility, Government and Foreign Affairs, Aerospace and Defense, Surveillance and Investigation, etc.), for effectively managing the Cyber Security workforce by providing clear visibility on their cyber risk profile and exposure to the cyber threats. He is currently serving EC-Council’s Global Advisory Board for CTIA and has jointly authored a Cyber Research whitepaper on “Role of a Pen Tester in Ethical Hacking” with EC-Council.

Rahil is also focused on terrorism and cyber terrorism, CBRN terrorism, and human trafficking and migrant smuggling issues. He has jointly collaborated with the U.S. Army, U.S. Army TRADOC, and CSFI on four projects related to cyber intelligence, operational security, and telecommunication and internet surveillance.

Rahil’s key aim is to assist and enable organizations in taking intelligence-driven decisions and actions in cybersecurity operations and management.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

References:

1. https://hub.packtpub.com/the-evolution-cybercrime/
2. https://www.britannica.com/topic/cybercrime/Spam-steganography-and-e-mail-hacking
3. https://www.floridatechonline.com/blog/information-technology/a-brief-history-of-cyber-crime/
4. https://www.latrobe.edu.au/nest/fascinating-evolution-cybersecurity/
5. https://corewar.co.uk/creeper.htm
6. https://www.nortonlifelockpartner.com/security-center/evolution-of-computer-viruses.html
7. https://cybersecurityventures.com/the-history-of-cybercrime-and-cybersecurity-1940-2020/
8. https://www.webroot.com/blog/2019/04/23/the-evolution-of-cybercrime/
9. https://resources.infosecinstitute.com/topic/evolution-in-the-world-of-cyber-crime/
10. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/evolution-of-cybercrime
11. https://www.kaspersky.com/resource-center/definitions/what-is-cryptojacking
    

    ---

The post Everything You Need to Know About the Evolution of Cyberthreats appeared first on CISO MAG | Cyber Security Magazine.

Poly Network is a blockchain system that provides a platform for cross-chain interactive services. It allows authorized homogeneous and heterogeneous public blockchains to connect to Poly Network through an open, transparent admission mechanism and communicate with other blockchains.

Going by the name Mr. White Hat, the hacker stole approximately $600 million in bitcoins from the Poly platform and took control of the user assets. According to Twitter updates the company shared that, less than 48 hours into the hack, the stolen tokens were being returned.

The company first announced the breach on 10th August on its official twitter handle @PolyNetwork2

The post read:

Important Notice: We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s address.

Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

— Poly Network (@PolyNetwork2) August 10, 2021

Twitterati went into a flurry of activity and  #polynetworkhack was the most tweeted hack of the day.

The Poly Network Vulnerability

SlowMist Technology, a company focused on blockchain ecological security analyzed the hack in detail and shared the following:

1. At the center of the attack is the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract that can execute specific cross-chain transactions through the _executeCrossChainTx function.
2. Since the owner of the EthCrossChainData contract is the EthCrossChainManager contract, the EthCrossChainManager contract can modify the keeper of the contract by calling the putCurEpochConPubKeyBytes function of the EthCrossChainData contract.
3. The verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can perform user-specified cross-chain transactions by calling the _executeCrossChainTx function internally. So, the attacker only needs to pass in the carefully constructed data through the verifyHeaderAndExecuteTx function for the _executeCrossChainTx function to execute the call to the EthCrossChainData contract PutCurEpochConPubKeyBytes function to change the keeper role to the address specified attackers.
4. After replacing the address of the keeper role, the attacker can construct a transaction at will and withdraw any amount of funds from the contract.
5. Simply put, the hacker exploited a smart contract vulnerability that is used by the Poly Network platform to exchange crypto coins between blockchains. The hackers managed to strike gold in Ether, a type of bitcoin in addition to 12 different cryptocurrencies in their steal.

DeFi is an attractive platform for the crypto market and rapidly growing with increased acceptance. As the industry captures market share, it is a lucrative target for hackers at it is still in its nascent stage but operates with large financial volumes.

DeFi related hacks total $361 million

According to CipherTrace “Cryptocurrency Crime and Anti-Money Laundering Report, August 2021”, major crypto thefts, hacks, and frauds totaled $681 million by July 21. Revealing insights related to Decentralized Finance hacks and frauds the report pegged the market loss at $361 million, 76% of major hack volume in 2021.

Highlights

• By the end of July 2021, major crypto thefts, hacks, and frauds totaled $681 million
• At $361 million, DeFi-related hacks make up 76% of major hack volume in 2021
• By the end of July 2021, DeFi hacks have already increased more than 2.8X from 2020
• At $113 million, DeFi-related fraud makes up 53% of major fraud volume in 2021
• By the end of July 2021, DeFi fraud have already increased more than 2.7X from 2020

The cryptocurrency market is gaining wider acceptance and is becoming a platform of choice for businesses. The market is still unregularized and not matured. With absence of regulation the platform is vulnerable to security attacks as there is no legal accountability. These incidents are wake up calls where the transactions could have touched billions as touted by the hacker in a Q & A, shared by CipherTrace. As the business volumes spiral upwards so will the stolen assets.

The post Mr. White Hat Controls Poly Network’s User Assets for Fun! appeared first on CISO MAG | Cyber Security Magazine.

In a recent interview with Augustin Kurian from CISO MAG, Tim spoke about console management, blockchain, effective implementation of USB control and encryption, shadow IoT among several other trends.

In most enterprises, the endpoint security realm is about managing multiple management consoles, each reporting their point of view on devices’ health. The situation becomes complicated when the may-a-time consoles can’t even agree on the inventory count as each of them reports independent numbers with considerable time spent on reconciliation. You have been tasked with the development of DG EDR. How do you think this problem can be fixed? 

This particular problem around asset inventory plagues many organizations and there are varying reasons why they all report disparate numbers amongst each other. Some security solutions may not support certain operating system types, or as devices go offline, they’re not properly being updated in the list. I believe relying entirely on a technology to do this is not the best approach. It requires a process as well to adequately account for all IT assets in your inventory, which gets continuously updated and reviewed. Network scanners can do a great job at identifying live nodes on a network and even identifying potential rogue endpoints. Coupling that data with your inventory list is essential, in addition to knowing the primary usage of the device and whether it stores sensitive data. This upfront work will dramatically increase your success in rolling out an EDR program. If you miss even a single device, such as an externally facing RDP server used for remote access, it could be used as an entrance vector by an adversary. If that turns out to be the case, your visibility into detecting that attack is now zero. So, acquiring complete coverage will require a bit of upfront work first to ensure your entire enterprise is being monitored appropriately.

How do you see the uptake for managed security services today, as compared to, say, two years ago? From which types of businesses (small, medium, large) do you see the maximum uptake for outsourced security services? (Nearly half of all cyberattacks in the U.S. target SMBs). What is driving demand for managed security services?

I’ve seen a dramatic increase in SMBs latching on to managed security services over the last several years given the number of benefits that can be derived out of the partnership. One of the most difficult challenges is hiring employees with the right level of skills to cover the broad swath of capabilities required to sufficiently protect an organization. Take Incident Response for example – if a cyberattack occurs, you would need a fleet of resources with the ability to conduct digital forensics, log analysis, possibly reverse engineering, and more. Managed security services provide these capabilities on Day 1 and you no longer have to rely on the single IT guy wearing 15 different hats. The benefits of a managed solution, such as more time to focus on your business, lowering your costs in multiple areas, quick access to expertise, etc., all drive this growing demand we’ve observed recently.

How do you think MSMEs are handling cybersecurity post-COVID-19? You have pointed out that there are hundreds of terabytes of potentially sensitive, unencrypted corporate data floating around at any given time due to an increase in the volume of data downloaded to USB media by employees since the onset of COVID-19. What are your suggestions for smaller companies for effective implementation of USB control and encryption?

I believe it’s been difficult for some MSME’s to properly address cybersecurity-related concerns during this pandemic. Implementing controls and purchasing technology during a time when funds and even resources may be strapped is a considerable challenge. We’ve seen this play out with the amount of data egress occurring across our managed services customer base; specifically to USB devices and various cloud storage sites. It comes down to the culture and workflow you’re looking to set in your organization. Having policies in place that prevent USB usage can be enforced with Group Policy Object  (GPO ) settings along with requiring users to encrypt their PCs with something like BitLocker. When it comes to filesharing and interacting with sensitive data, it’s important to store them in a technology that provides you control over permissions, the ability to encrypt, password protect, classify, etc. Services like OneDrive or Dropbox have these types of features, which can provide a significant level of comfort with how your employees access, interact with, and share sensitive information such as financial, legal, or HR data.

The virtualization of computing, software-defined storage, and networking has given birth to hyperconverged infrastructures. Implicit trust is gone and has made way for a more effective practice- explicit identity-based trust. The rapid shift to work-from-home has accelerated the adoption of Zero Trust frameworks. Do you believe Zero Trust-as-a-Service will be a necessary component of security strategies for 2021 and beyond? 

Absolutely. I believe you’ll see a significant increase in the adoption of a Zero Trust-as-a-Service model being used in security strategies beyond 2021. We’ve learned over the years that relying heavily on network security such as firewalls does almost nothing for you when faced with determined adversaries. Also, as organizations move more of their workloads to the cloud, it only becomes more imperative to protect and restrict those whom have access and ensure you have the right level of visibility. This approach will require more granular perimeter enforcements based on who the user is, where they are located, and other elements of data to determine the level of trust that’s granted. Implementing this type of strategy is not something that’ll occur overnight. My recommendation to organizations looking to embrace the Zero Trust model is to first design it and try to avoid the incorporation of legacy systems that aren’t fully capable of taking this journey. For larger and more complex businesses, this may be a multi-year project depending on your IT environment. But for smaller and medium-sized companies, it could be a great opportunity to completely transform how they approach cybersecurity that’ll ultimately protect them from advances being made by threat actors.

Read a longer version of this interview in the next issue of CISO MAG.

Subscribe here

About the Author 

Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.

The post “Relying heavily on firewalls does nothing against determined adversaries” appeared first on CISO MAG | Cyber Security Magazine.