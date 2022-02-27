Preventive and defensive measures combat cybercrime in the same way that vaccines are a good defense against a biological pandemic.

There are those who say that a possible “cyber pandemic” is inevitable, but there are others who affirm that this is what is happening today.

One of the latter is Gil Schwed, founder and director of Check Point Software Technologies, a pioneer cybersecurity company in Israel.

According to this specialist, cybercriminals already have sophisticated tools to infect websites of government organizations and major companies. “We have to defend ourselves against (attacks) from day zero,” he stated as if he were talking about a vaccine against a disease.

A recent survey by Allianz Risk Barometer showed that companies in 89 countries are most concerned about attacks from ransomwaredata breaches, or information technology outages than from global supply chain headwinds, natural disasters, or the COVID-19 pandemic.

It’s that the online landscape changes very quickly, which makes cybercriminals be on the lookout for tempting opportunities that appear like mushrooms from one day to the next.

“It’s not about whether hackers are going to make it. They will make it. The question is how they will do it” – Edo Yahav, Vice President of Research and Development and General Manager of SafeBreach Israel.

Israel’s 450 or so cybersecurity companies play an important role in predicting and protecting against online crime, and that’s in no small part because the Israel Defense Forces serves as a unique incubator for talent and innovation in that area. sector.

“I don’t think anyone else in the world has this kind of advantage,” said Liel Strauch, director of cybersecurity research at PerimeterX, which has offices in Tel Aviv and Silicon Valley.

One of the current questions is what are the biggest cyber risks that experts expect for the next few years and that are related to the metaverse.

The robots, protagonists

PerimeterX protects e-commerce, media and tourism websites from automated fraud and customer attacks. He specializes in risk detection and management for online applications.

The company’s Bot Defender deflects attacks from bots.

These are pieces of software programmed to do anything from taking over an account to stealing limited edition items.

Strauch noted that the growing popularity and value of limited-edition items and NFTs (non-fungible tokens) are attractive to cyber attackers.

We can assume that we will see bot attacking NFT sales and the metaverse in general to profit from cryptocurrencies or convert them into real money. Something else we have seen gaining traction among cybercriminals is supply chain attacks,” the executive told ISRAEL21c en Español.

This translates to an attack by a hacker infiltrating a web page through the “blind spot” of software vulnerabilities in third-party vendors running on that site with access to your data.

Google Analytics is an example of a third party provider.

“This is going to be one of the main ways that criminals will gain access to data from different companies,” Strauch said.

Using third parties, hijackers “inject” a snippet of code into different pieces of JavaScript running on a web page to collect users’ personal information (especially credit card numbers).

Strauch said that because such activity generates a lot of profit for cybercriminals, it is possible to expect supply chain attacks to increase in the coming years.

In addition, the specialist predicted that the developing metaverse will generate much more traffic to the digital world, which will give more opportunities for hackers to act and, therefore, more scope for action by cybersecurity companies.

What is the metaverse?

Also called “Web 3.0”, the metaverse is a set of technologies that adds an immersive 3D dimension to people’s digital interactions.

“On the positive side, the change to the metaverse shows that everything happens in the same world. It’s similar to how it was easier to deal with the ‘skimming’ physical when it happened at ATMs and it was known exactly where it was going to happen and what had to be done. Now that everything will be transferred to digital assets, the situation will help companies to invest more in technologies to protect those types of assets,” Strauch said.

Prevent account theft

According to Elad Cohen, vice president of data science at Riskified, one of the biggest trends you’ll see is account takeover.”

“A survey we conducted recently showed that at least 17 percent of consumers had lost one of their accounts. We believe that in the last three years there has been a five-fold increase in attempts to take over accounts. In 2021, one in 140 logins was an account takeover attempt. We already anticipate that this will continue to increase,” Cohen said.

E-commerce companies face a dilemma: customers prefer as simple a checkout process as possible (when the password and credit card number are stored on the web page).

Using passwordless authentication – SMS messages with a temporary code to type – adds “friction” and leads to lost sales.

But the thing is, the simpler the process, the easier it is for hackers to capture your account.

“There is a trade-off between ease of use and the difficulty for criminals to crack private information” – Elad Cohen, Vice President of Data Science at Riskified

On the other hand, loyalty points or discounts that attract customers who return to use their stored account add value and vulnerability that further attract cybercriminals.

“This makes the potential for account takeovers a much more lucrative action. Once the cyber scammer has the credentials for an account, it’s easier to monetize from there,” Cohen said.

For his part, Ephraim Rinsky, product marketing manager for account security at Riskified, said stealing account credentials is getting simpler.

“Two years ago, to access an account you had to go to the dark web and look for the credentials. Today it is possible to buy them in Telegram groups or even on the common web. In a minute, a teenager sitting in his house can get credentials to log in to an e-commerce site,” Rinsky emphasized.

Thus, in order to block fraudsters, businesses will need increasingly sophisticated anti-fraud technologies, especially if password stealers use bot which, as Riskified sees, make up to 40,000 attempts per hour to log into accounts on many e-commerce sites.

“When one door closes, scammers open the next. It’s a game of cat and mouse,” Rinsky said.

Cohen and Rinsky explained that while Riskified and other companies are working behind the scenes to resolve vulnerabilities in authentication methods, everyone can help protect their own accounts by not reusing passwords.

Take care of the digital wallet

“Smart password management can also be the best protection against cybercrimes aimed at stealing digital assets,” said Shy Datika, founder and president of INX, a company that offers regulated digital asset and cryptocurrency trading platforms.

CB Insights report “12 Tech Trends to Watch Closely in 2022” revealed that while illicit activity affects less than “one percent” of cryptocurrency transactions, reports of crypto-related crime are growing by the day. .

“This includes hackers stealing coins from investors, people falling for investment-related scams, and more. In December 2021, after a security breach involving stolen private keys occurred on the BitMart exchange, $150 million worth of cryptocurrency was stolen by cyberthieves,” the document revealed.

That is why Datika calls cybercrimes involving cryptocurrencies “plain hacking.”

“If someone hacks into a phone or a computer and steals the password to use to get into a hot wallet, that is not a cryptocurrency cybercrime. It is simply achieved by stealing passwords,” she stated.

Although a small percentage of crimes related to cryptocurrencies -according to Datika between 10 and 20 percent- occurs during the transfer of cryptocurrencies between a cold wallet (physical) and a hot wallet (connected to the Internet), the specialist pointed out that it is impossible to hack the blockchain directly.

As for cyber scammers tricking people into sending crypto to their digital wallets, Datika revealed that this is just another old trick applied to a new form of money. “And it is likely to increase as cryptocurrencies become more popular,” he predicted.

Ransomware and quantum computing

Edo Yahav of SafeBreach, the most widely used continuous security validation platform, believes that large companies like fintech and healthcare will see many more of these more complex attacks in the years to come. An example: there will be much more ransomware

“Because it works and it’s lucrative. Companies often pay ransoms because they don’t want to lose their data. Thus, as long as it is worth it, this will continue and it will be more complex to stop it. Because of the ability to work from anywhere, the need to support a very dynamic workspace means that more tools need to be included in the security suite. Additional solutions and complexity lead to human error and hackers can take advantage of that. That is why companies must continue to carry out permanent security evaluations,” Yahav said.

On another note, the rise of quantum computing in the next decade already poses another big threat.

For Yahav, quantum computers can crack the protocols that protect online commerce, communications and financial services.

“This will change the security industry because it will keep large companies on their toes, who will have to identify and protect their most valuable assets with the right software instead of trying to protect everything,” he explained.

Because of this, Israel will continue to be a major source of cybersecurity solutions for new and future threats.

“The notion of security is embedded in Israel. Unless something changes dramatically in the region, we will only see more and more security mentality in the youth and intellectual leaders of the country”, she concluded.

