How to Protect Your Crypto From Cyber Attacks During COVID-19

At-home working opens up security issues for crypto. Oxford University researcher (and Consensus speaker) David Shrier outlines ways to mitigate the risk.

AccessTimeIconMay 9, 2020 at 6:44 p.m. UTC
Updated Dec 10, 2022 at 9:40 p.m. UTC
AccessTimeIconMay 9, 2020 at 6:44 p.m. UTCUpdated Dec 10, 2022 at 9:40 p.m. UTC
AccessTimeIconMay 9, 2020 at 6:44 p.m. UTCUpdated Dec 10, 2022 at 9:40 p.m. UTC

The 1997 indie horror movie "Cube" posited a dystopic future where unwilling prisoners are systematically dismembered by a high-tech prison. The SARS-CoV-2 pandemic has created an environment for a similar virtualized dismemberment of our digital assets and our personal data security.

Unscrupulous hackers are socially engineering their way into financial systems and financial accounts. Well intentioned efforts to promote public safety are fostering prospective abrogation of personal data privacy.  At the same time, there are new areas of business opportunity for distributed ledger companies emerging from the crisis.  

The EventBot trojan is the latest malware to target financial accounts and wallets. Posing as an innocent-seeming app download, such as Microsoft Word, it will take over your phone’s data streams, keylogging passwords and even grabbing SMS messages used in two-factor authentication. 

Malware and phishing are on the rise in the pandemic, as hackers take advantage of heightened anxiety and unprecedented numbers of people working from home outside normal corporate security protocols. For example, one attack vector is to send a phishing email that simulates a health alert from an individual’s organization. Another is to engage in synthetic identity theft on LinkedIn with fake profiles of real people that then send internal LinkedIn messages containing links asking people to look at a file or app. The next-level LinkedIn hack is account takeover of a legitimate profile, and I have personally seen this happen with at least two colleagues in the last six weeks.

David Shrier is a speaker at Consensus: Distributed, CoinDesk's free virtual convention running May 11-15. Register here.

Meanwhile, new data security risks are emerging as unintended consequences of the massive effort to track, trace and remediate the virus. Large-scale health data pools are being assembled, with multiple copies of sensitive health, financial, and telecom data being created at disparate locations. The audit trail of who has accessed this data is poor.  Distributed ledger solutions around data governance, data security, and personal data management could help. For example, BurstIQ has announced the Research Foundry to facilitate secure collaboration around health data.  

From the 1997 movie "Cube"
From the 1997 movie "Cube"

Synthetic identity theft is another cyber security issue that’s accelerating in recent months. Hackers will take elements of data about real people, such as their name and social security number, and combine it with fake information such as a fingerprint image, a new email address, and street address, to create a convincing simulacrum of a real person that can be used to open credit lines, divert funds from financial accounts, and other forms of fraud or theft. Distributed ledgers offer possible solutions on synthetic identity theft, with the potential for distributed digital identity creating a trusted substrate for identity verification, validation, and authentication. Essential data attributes can be linked immutably to each other, and the blockchain trust authority can offer assertions around authentication and transactions tied to this immutable identity without revealing underlying personal data.  

SingleQuoteLightGreenSingleQuoteLightGreen
Cyber unicorns will be founded in the next few years as we see ever-increasing demand for better security solutions.
SingleQuoteLightGreenSingleQuoteLightGreen

To secure your crypto wallets and other accounts, here are a few steps you can take:

1. Enable multi-factor authentication. According to Microsoft, 99.9% of compromised accounts did not have multi-factor authentication activated.

2. Use a different password for every single account you have. Many people re-use the same five passwordshttps://www.yubico.com/wp-content/uploads/2019/01/Ponemon-Authentication-Report.pdf (notwithstanding the fact that the average business user has over 190 logins to track). 

3. Use good password hygiene: the world’s most common passwords last year included “12345” and “password,” with 83% of Americans using weak passwords.

4. Make sure your virus software is up to date, including installing protection on your phone. Android represents 98% of mobile phone attacks, mostly in the form of malware downloaded to the device.

5. Practice good cyber hygiene. Only download apps from credible repositories, like the Android Marketplace, and verify sources before clicking on any link you receive in an email, text, or LinkedIN message.

Escape the “Cube,” and explore the cyber opportunity that has also arisen as a result of the pandemic. Cyber unicorns will be founded in the next few years as we see ever-increasing demand for better security solutions.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Read more about