Cyberattacks Are Getting Worse. Is Web3 the Answer?
On the morning of 24th November 2014, employees at Sony Pictures Entertainment showed up to work at their California office, only to be greeted by pictures of grinning red skulls on their computer screens. Screens bore the headline ‘Hacked By #GOP’. Almost like something out of the movies they produce.
The hackers were able to make off with a ludicrous amount of data, including internal emails, excel files full of passwords, and even unreleased movies that quickly began appearing on file-sharing websites. While there wasn’t any watertight evidence to prove it, it’s almost certain the attack was carried out by the ‘Guardians Of Peace’(also known as the Lazarus Group), who are purported to be hackers backed by the North Korean government, and the motive behind the attack was to sabotage the release of ‘The Interview’, a comedy about a plot to assassinate Kim Jong Un.
While Sony canceled the film’s mainstream release, opting to skip to a digital release accompanied by a limited theatrical release, the film's media frenzy may have only served to make it more popular. Guess people don’t like censorship.
This was the first time the world learned the hermit kingdom probably had some pretty good hackers, and over the years the group has been linked to many high-profile hacks causing hundreds of millions in damages, from the Bangladesh Bank Cyber heist to the WannaCry ransomware attack.
It has gotten easier to learn how to hack systems on the internet. You don’t necessarily need a powerful machine to carry out sophisticated hacks either.
IS WEB3 THE ANSWER?
Blockchains and crypto were supposed to be the answer to these security concerns. Surprisingly, among all the different types of vulnerabilities hackers exploit, crypto weaknesses were the most common, making up 39.7% of all vulnerabilities, with cross-site scripting coming in second with a much smaller 12%. It means while blockchain is inherently more secure, it isn’t enough by itself. There’s still a piece all crypto projects are missing.
Web3 has solved the issue of compromised central repositories by decentralizing the network. All nodes execute code in parallel and must agree on the result of this execution, without which attackers won’t be able to gain control. Web3 also appears to promise better security against injection and DOS attacks, with the ability to adjust transaction prices.
Decentralized applications also don’t have a single point of failure. If hackers can take down certain key servers in a centralized application, the entire network could go down. Imagine a blown transformer taking down the entire city’s power supply. During the premiere of Squid Game’s final episode no less.
Web3 applications, on the other hand, rely on multiple nodes, so even if hackers are able to take down a node, the others will still stay up and keep the network running. Web3 Dapps are also a lot more transparent with their inner workings than a traditional corporation’s software, allowing the community to contribute to a more secure environment.
Nevertheless, we still hear about ‘Web3’ apps getting hacked though, and that’s mainly because of links to the legacy internet they still retain. Around 4 months ago, hackers drained $120 million from BadgerDAO, using a Cloudflare vulnerability. While BadgerDAO was supposed to be a secure Dapp, a lot of its tech stack was still centralized. You can read our full article on how the hack occurred and why Point Network is the only virtual place that can actually be called a Web3 project with a completely decentralized stack.
We’ve come a long way from the time 15-year-olds were hacking NASA, but there are improvements to be made. Security experts who transition from traditional security firms to Web3 might be taken aback by the incredible amount of time auditors spend testing smart contract logic, or the astronomical stakes that surround projects launched right from the very start, as opposed to a traditional application that you could just slap layers of beefy security on as the months pass by. However, more security experts and ethical hackers are exactly what Web3 needs right now.
On that note, Point Network is always looking for talented developers who hunger to create a more secure, private, and censorship-free internet for everyone. If you believe you resonate with that ambition, feel free to drop an email to careers@pointlabs.org
Disclaimer: This post is not financial advice
Find us at www.pointnetwork.io
Join our Telegram at: https://t.me/pointnetworkchat