The 1997 indie horror movie “Cube” posited a dystopic future where unwilling prisoners are systematically dismembered by a high-tech prison. The SARS-CoV-2 pandemic has created an environment for a similar virtualized dismemberment of our digital assets and our personal data security.
Unscrupulous hackers are socially engineering their way into financial systems and financial accounts. Well-intentioned efforts to promote public safety are fostering prospective abrogation of personal data privacy. At the same time, there are new areas of business opportunity for distributed ledger companies emerging from the crisis.
The EventBot trojan is the latest malware to target financial accounts and wallets. Posing as an innocent-seeming app download, such as Microsoft Word, it will take over your phone’s data streams, keylogging passwords and even grabbing SMS messages used in two-factor authentication.
Malware and phishing are on the rise in the pandemic, as hackers take advantage of heightened anxiety and unprecedented numbers of people working from home outside normal corporate security protocols. For example, one attack vector is to send a phishing email that simulates a health alert from an individual’s organization. Another is to engage in synthetic identity theft on LinkedIn with fake profiles of real people that then send internal LinkedIn messages containing links asking people to look at a file or app. The next-level LinkedIn hack is account takeover of a legitimate profile, and I have personally seen this happen with at least two colleagues in the last six weeks.
David Shrier is a speaker at Consensus: Distributed, CoinDesk's free virtual convention running May 11-15.
Meanwhile, new data security risks are emerging as unintended consequences of the massive effort to track, trace and remediate the virus. Large-scale health data pools are being assembled, with multiple copies of sensitive health, financial, and telecom data being created at disparate locations. The audit trail of who has accessed this data is poor. Distributed ledger solutions around data governance, data security, and personal data management could help. For example, BurstIQ has announced the Research Foundry to facilitate secure collaboration around health data.
Synthetic identity theft is another cyber security issue that’s accelerating in recent months. Hackers will take elements of data about real people, such as their name and social security number, and combine them with fake information such as a fingerprint image, a new email address, and street address, to create a convincing simulacrum of a real person that can be used to open credit lines, divert funds from financial accounts, and commit other forms of fraud or theft. Distributed ledgers offer possible solutions to synthetic identity theft, with the potential for distributed digital identity creating a trusted substrate for identity verification, validation, and authentication. Essential data attributes can be linked immutably to each other, and the blockchain trust authority can offer assertions around authentication and transactions tied to this immutable identity without revealing underlying personal data.
To secure your crypto wallets and other accounts, here are a few steps you can take:
1. Enable multi-factor authentication. According to Microsoft, 99.9% of compromised accounts did not have multi-factor authentication activated.
4. Make sure your antivirus software is up to date, including installing protection on your phone. Android represents 98% of mobile phone attacks, mostly in the form of malware downloaded to the device.
5. Practice good cyber hygiene. Only download apps from credible repositories, like the Android Marketplace, and verify sources before clicking on any link you receive in an email, text, or LinkedIn message.
Escape the “Cube,” and explore the cyber opportunity that has also arisen as a result of the pandemic. Cyber unicorns will be founded in the next few years as we see ever-increasing demand for better security solutions.