Gitex Technology Week: Securing BlockChain against bank fraud

Dubai: BlockChain might seem like the last technology that would require extra security. Designed to be secure and heavily promoted for its ability to establish an unbreakable record of transactions, companies are now having to find ways to make sure the data being added to the chain is coming from authentic sources.

“BlockChain as a technology offers a lot of the integrity measures that you need,” said Dr. Amin Hasbini, head of Kaspersky’s Research Centre for Middle East, Turkey, and Africa. “But the process of verifying the data itself needs to be secure, especially in the banking sector.”

He said attackers try to imitate the bank or use the bank’s infrastructure to launch fake transfers. This happened when the Lazarus Group, a hacking group sometimes associated with North Korea, stole $81 million from the Bangladesh Bank’s account at the Federal Reserve Bank of New York in 2016. The Lazarus Group is also active in UAE, Saudi Arabia, Oman, and Turkey, according to Hasbini.

“These people are very active, and they’re very motivated,” he said. “They are already familiar with the technology, and they are attacking a lot of organisations.”

The problem, Hasbini said, is that many applications have been built to work with BlockChain, and these apps themselves can be insecure. “I don’t need to say threats are increasing. It’s not something that is hidden,” he said. “[There is] an increase in the sophistication and quality of attacks. In terms of the Gulf, we see an increase in the activity compared to other regions,”

How to protect yourself

There are a number of ways for users to protect their data. Here are the recommendation from Dr. Amin Hasbini, head of Kaspersky’s Research Centre for Middle East, Turkey, and Africa.

Password managers: Use software to help manage your passwords and don’t use the same password twice. Also, use a password manager with a digital token or other two-part authentication. This can be either on a memory stick or an app on your mobile phone.

“This is something that is applicable, doesn’t cost much, and is something that can help avoid 99.99 per cent of the problems for any users,” he says.

Always update: Always have a device that is update to date, and always install the latest patches. This is extremely important, he says. Updates that were released just last week include patches for Android and WhatsApp vulnerabilities that allowed hackers to gain remote control of devices.

Research: Learn what you can about cyber security. Hasbini recommends everything from watching YouTube videos on security to learning to tell a good URL (web address) from a bad URL. A bad URL will often have misspellings or other misinformation in it.