Phishing scams continue into the Web3 era
There’s a lot of buzz these days surrounding the rise of Web3 technologies that employ blockchain technologies to create immutable instances of data that can be shared and accessed across decentralized networks. Rather than having to rely on centralized services built using Web 2.0 technologies, the goal is to both make data more secure without having to rely on centralized cloud services that are controlled by a handful of what have become extremely large entities.
As noble as that effort might be, however, Web3 platforms are still accessed using various types of credentials. As such, they are subject to variations of the same phishing attacks that currently plague Web 2.0 platforms. Microsoft, for example, has published an alert describing how encryption keys relied to on access Web3 platforms could be compromised by impersonating digital wallet software, deploying malware on victims' devices, typosquatting the front end of a legitimate smart contract, or minting rogue digital tokens for Airdrop scams that rely on users investigating what a mysterious token is only to have their credentials stolen.
Collectively, these so-called ‘ice phishing’ techniques one way or another fool end users into signing a transaction that surreptitiously gives control over a token to a cybercriminal.
There is already billions of dollars being poured into Web3 research and development. The term Web3 was coined by Polkadot founder and Ethereum co-founder Gavin Wood in 2014. At its core, Web3 describes any exchange of a digital asset without involving a central authority. The entity that manages the exchange of digital assets is referred to as a decentralized autonomous organization (DAO). The core idea is not so much about supplanting the existing Web 2.0 framework as much as it is layering alongside a separate framework that gives users and organizations more control over not just transactions but also their data as the need to rely on centralized Internet services lessens.
Decentralization is enabled because a blockchain platform provides each member of a network with a copy of the exact same data using a distributed ledger. If a ledger is altered or corrupted in any way, it will automatically be rejected by the other ledgers on the network. Every entity on the network has access to a shared real-time view of the data stored in the ledger.
One of the major benefits of decentralization is it reduces reliance on any specific platform that could result in systemic outages and bottlenecks. It also optimizes the distribution of resources to enable better performance, consistency, and an overall safer application experience. There are, however, still challenges to overcome. Blockchain platforms, for example, consume large amounts of energy so any approach to decentralization will need to be aligned with climate change policies and requirements.
They can also be employed to finance a wide range of illicit activities that make it much more challenging for law enforcement agencies to track financial payments. It’s no accident that cybercriminals demand ransom payments to be made using cryptocurrencies.
No matter the platform, the phishing techniques cybercriminals employ to compromise credentials will be adapted. The thing to remember is no matter how great a platform may be, there will never be perfect security.