Friday, September 16, 2022

The Benefits Of Blockchain In The Travel Industry.

 

Blockchain technology advocates say it’s poised to disrupt numerous industries, ranging from finance to supply chain tracking and real estate. Blockchain promises to drastically transform the way data is stored and used, improving the transparency and security of transactions.

For these reasons, multiple industries have begun experimenting with the technology, and one of the most exciting segments is the travel industry, where it could potentially be transformational in many areas. 

First, a quick explainer. Though blockchain seems complicated, it’s quite a simple concept. It’s essentially just a ledger hosted across multiple public nodes that are used to store records of transactions. Each of these transactions is stored in a “block” secured with cryptography.

Because blockchain records are stored on many computers, the data is considered decentralized. Each block contains both transaction information and a time stamp, and they are stored on all of the nodes that make up the network. In this way, blockchain records cannot be altered without agreement across the network, a design that makes it almost impossible for someone to make changes without being noticed. 

Because blockchain originated with Bitcoin, the world's first cryptocurrency, in 2009, many people assume that the technology only has practical applications within finance and related industries. But the truth is that distributed databases can provide benefits in many different kinds of industries. 

Some examples include advertising, which can be used to prevent fraud by providing transparency around ad impressions. Other use cases include elections, which can provide the foundation for a transparent, open, online voting system.

Moreover, the traceability benefits of blockchain could be used to verify the authenticity of things such as educational certificates, qualifications, and licenses, which can be recorded onto a distributed ledger and made unalterable. Because of this, blockchain could eliminate the need for educational institutions to authorize credentials entirely.

How Blockchain Benefits The Travel Sector

There are many reasons why the travel industry might consider the adoption of blockchain. The industry notably relies on the cooperation of multiple players in the business, such as travel agents, airlines, and hotels, all sharing information with one another. For example, travel agents must pass their customers’ information to hotels and airlines.

Meanwhile, the personal belongings of those customers may also be passed on from one organization to another. Blockchain can potentially make it easier to access and store this information, and the data would be more reliable due to its immutable characteristics. 

Financial transactions also play a big role in the travel industry, and blockchain’s ability to simplify and secure payments is well known. After all, payments were the first major use case of the blockchain (think Bitcoin). It’s especially helpful in the case of overseas payments, as cryptocurrency knows no borders. 

Such advantages become all the more compelling when one considers the size of the travel industry. According to Statista, the combined travel industry contributed more than $9 trillion to the global economy in 2019. Though the COVID-19 pandemic severely impacted travel in 2020 and 2021, the sector still generated $4.7 trillion and $5.8 trillion respectively, in those years. 

The travel industry is made up of multiple sectors too, including transportation (airlines, car rental, and public transport), accommodation (hotels, Airbnb, hostels, cruises, and so on), food and beverages (including restaurants, bars, and cafes,) and entertainment (such as theaters, shopping, nightlife, etc.). Each of these segments is a multi-billion dollar industry in its own right, and there are many possibilities to apply blockchain technology to them all. 

While the travel industry was hit hard by the global coronavirus pandemic, the sector has rebounded strongly since the world began reopening. According to the United Nations World Travel Organization, the number of international tourist arrivals globally in January 2022 increased by 130% compared to a year earlier, with the 18 million extra visitors recorded that month equalling the total increase throughout the entirety of 2021.

Having been trapped indoors for the best part of two years, it’s clear that people are desperate to get outside and explore, and 2022 is consequently shaping up to be one of the best years ever for international travel. 

With that in mind, it’s worth exploring some of the more exciting ways in which blockchain can potentially be applied to improve efficiency and transparency in one of the world’s fastest-growing industries. 

New Possibilities With Blockchain Interoperability

One of the most pertinent blockchains for the travel industry is Flare Network, which has created a unique protocol known as the State Connector that makes it possible to connect to any kind of network, including other blockchains and also public APIs. 

Flare’s State connector was built to solve problems around blockchain interoperability. Those familiar with how the technology works understand that there are multiple blockchains in the world – such as Bitcoin, Ethereum, Avalanche, Binance, Solana, and so on – that all operate independently and are unable to communicate with one another due to technological incompatibilities.

In addition, blockchains also have no way to communicate with non-blockchain systems, such as traditional databases and APIs.

The State Connector changes this, providing a trustless way for one blockchain to read the state of transactions on any other chain or system. So, not only does it enable information to be passed from one blockchain to another, but it also allows blockchains to tap into other, real-world data sources in a decentralized way.

In a nutshell, the State Connector is a smart contract that allows decentralized, blockchain-based applications to query information from outside the network they’re running on. This is accomplished via a network of independent attestation providers, which are incentivized to gather the requested information and verify it before delivering it to the Flare Network. The State Connector ensures that enough of these independent attestors agree that the information is correct, and if so, it then publishes it to the network. 

In this way, the State Connector can, for example, check to see if a deposit has been made on another blockchain. So if someone pays for their airline ticket using Bitcoin, it can inform an application on Flare or another network the moment that payment has been confirmed.

The State Connector can also power other kinds of dApps that react to real-world events, such as traditional bank transfers, the outcomes of sports events, home purchases, educational attainments, insurance claims, or anything else that might be accessible via an API. 

For the travel industry, this has a lot of potentially transformational implications. A hotel or an Airbnb could start managing their bookings through the blockchain. At present, when a traveler books a hotel through an aggregator site such as Booking.com or Expedia.com, a significant portion (between 10% and 25%) of the price goes on commissions and other overheads. With blockchain, it becomes possible for hoteliers to cut out the middleman, meaning no commissions and cheaper prices for travelers (or more profit for the hotel). 

Flare’s State Connector can be used to enable dynamic pricing to maximize efficiency. Most hotels usually alter their prices based on demand and availability, using complex APIs and third-parties. Hotels can simplify this by using the State Connector to connect to their website’s API in order to retrieve relevant pricing data at lower costs. 

It’s a similar story for the airline industry, where flight bookings are often made through third-parties like Skyscanner. Once again, airline prices are usually dynamic, with tickets costing more during peak travel times and less when fewer people are traveling. With Flare’s State Connector, airlines can sell flight tickets through dApps that are connected to real-world pricing systems via APIs. 

There are even greater possibilities when we combine blockchain with related technologies such as non-fungible tokens. NFTs, as they’re called, can be used to represent each passenger on a cruise ship for example. They could install an app on their smartphone when they board a ship that contains a wallet plus a utility NFT.

The cruise organizer can then create various games and activities tied to the real world via this app where the passengers can earn points throughout their trip. Points would be distributed via an API powered by the State Connector. Those who make a certain amount of points can be given prizes and benefits, such as a free dinner at a restaurant or a massage. These points would be linked to the passenger’s NFT for verification purposes. 

A Winning Combination.

Blockchain technology and the travel industry promise to be a winning combination. It has the potential to put forward-thinking travel service providers at the forefront of innovation while enabling them to build greater trust with their customers through reduced costs and more efficient systems. 

One of the significant challenges in the way of blockchain adoption is the lack of standardization. Using multiple blockchain networks can cause major headaches for an industry heavily reliant on data exchange. This is where innovations like Flare’s State Connector can pave the way forward, providing a simple way for blockchains and other systems to communicate with high trust and transparency. 

Blockchain will have so many positive implications that its implementation in the travel industry is undoubtedly only a matter of time. Industry participants will benefit from lower costs and more efficient systems, but the real winners will be travelers, as blockchain enables a more secure and trustworthy way to travel.

 

Akamai Mitigated Record-Breaking DDoS Attack Against European Customer.

 

On Monday, 12th September 2022, cybersecurity firm Akamai mitigated a distributed denial of service attack (DDos Attack), which has been declared a record-breaking attack in terms of packets-per-second compared to the attack Akamai recorded in July.

For your information, cybercriminals bombard servers with fake requests and traffic to prevent legit visitors from accessing their services in a DDoS attack.

The primary targets of the attack Akamai recorded recently were European companies. It peaked at 704.8 million packets per second, marking the second attack on such a massive scale against the same customer within a short span of three months.

According to Akamai’s Craig Sparling, prior to June 2022, this customer only saw attack traffic against its primary data center. However, unexpectedly, the attack campaign expanded, hitting six different global locations, from Europe to North America.

The attack was thwarted on the same day it was identified. Though not the largest DDoS attack ever, this one raised eyebrows because it was the largest attack against European organizations. The attackers used UDP as their DDoS vector and ICMP, SYN, RESET floods, TCP anomaly, PUSH flood, etc.

Attackers managed to target more than 1,800 IP addresses of a single organization, and the attack was dispersed at six different locations. Akamai noted that this attack originated from the same threat actor that targeted it previously, while the target is also the same unnamed customer based in Eastern Europe.

Previously, the attacker targeted the company’s primary data; this time, they could target 6 data center locations in North America and Europe.

Akamai recorded a humongous 659.6 MPPS DDoS attack back in July. The latest attack was 7% higher than the one in July. The company received 74 DDoS attacks before July, and around 200 attacks afterward. The company stated that this campaign indicates attackers continuously improve their attack techniques to evade detection.

 

Uber Hack – Ride-hailing Giant Investigating Large-Scale Data Breach.

 

Uber Inc. is investigating a cybersecurity incident where a hacker claimed to have breached its internal network and took down multiple engineering and communications systems. Initially discussed on social media the incident affected Uber’s internal Slack messaging, which was shut down after a cybersecurity breach and compromised the company’s data.

What Happened?

Reportedly, on Thursday, Uber employees received a Slack message from someone claiming to be a hacker. The attacker also urged that the company increase its drivers’ pay.

“I announce I am a hacker and Uber has suffered a data breach,” the message read.

For your information, Uber uses Slack for its internal communications system.

After accessing one of the company’s staff member’s Slack accounts, the hacker could compromise Uber’s internal databases, after which they posted an explicit photo on the company’s internal information page for its employees after getting control of its internal systems.

The breach was discovered shortly after, and resultantly, Uber’s IT security team took most of its internal engineering and communications systems offline. An investigation into the incident was also promptly launched.

Data Breach Details.

The unknown hacker claims to have stolen Uber’s exclusive data and shared images of cloud storage, email, and code repositories with cybersecurity experts. As per Yuga Labs security engineer Sam Curry, the hacker seems to have gained full access to Uber’s internal computer systems and carried out a “total compromise.

Meanwhile, Uber has instructed its employees to avoid using Slack, whereas its other internal systems are also inaccessible. Curry also shared a message apparently from an Uber employee which unofficially confirms the breach.

From another Uber employee:

Instead of doing anything, a good portion of the staff was interacting and mocking the hacker thinking someone was playing a joke. After being told to stop going on slack, people kept going on for the jokes.

According to malware analysis platform vx-underground on Twitter, additional screenshots leaked by the threat actor show they allegedly have access to Uber’s AWS instance, vSphere, Google workplace, HackerOne administration panel, and several other platforms used by the San Francisco, California-based ride-hailing giant.

 

Social Engineering at Work.

 According to the New York Times, the hacker used social engineering tactics to infiltrate Uber’s communications system. He sent a text message to a worker at Uber claiming to be a corporate information technology personnel and persuaded the employee to hand over their Slack password.

Afterward, accessing Uber’s systems was pretty easy. The hacker claims that he is eighteen years old and was able to breach the ride-hailing company’s systems because of weak security.


Monday, September 12, 2022

Scammers Leveraging Microsoft Team GIFs In Phishing Attacks.

 

Cybersecurity consultant Bobby Rauch has discovered a new attack tactic in which threat actors exploit Microsoft Team vulnerabilities. According to Rauch, attackers can easily leverage Microsoft Teams GIFs through these vulnerabilities to launch phishing, command execution, and data filtration schemes.

What is GIFShell?

Rauch has named the newly discovered attack technique involving MS Teams GIFs as GIFShell. The technique allows attackers to create a reverse shell to facilitate malicious command delivery via base64-encoded GIFs in MS Teams.

Using a malicious stager executable, the attackers can establish their dedicated MS Teams tenant and start the attack using the GIFShell Python script.

GIFShell installs malware on the device and can sneakily extract data under the guise of harmless GIF images. Rauch noted that the attack entails the exploitation of multiple vulnerabilities in MS Teams to create a chain of command executions.

Furthermore, attackers only need to infiltrate MS Teams and any of the GIFs. Utilizing Microsoft’s web infrastructure, they can unpack commands and install them directly on computers.

Microsoft’s Response

In a blog post, Rauch stated that he notified Microsoft in May 2022. However, Microsoft claims that immediately releasing fixes for the attack is impossible. Moreover, the tech giant stated that the attack techniques “reported” by Rauch don’t meet the requisites for developing an urgent security fix.

Therefore, the best line of defense for you is not to open any GIFs shared by someone on MS Teams.

 

 

Sunday, September 11, 2022

WT1SHOP Cybercrime Market Seized by US And Portuguese Authorities.

 

The UD Department of Justice (DoJ) has confirmed that the notorious cybercrime marketplace WT1SHOP has been taken down by the US and Portuguese authorities for its involvement in nefarious activities.

According to the federal criminal complaint against the marketplace, it made millions of dollars by selling PII (personally identifiable information) over the years. This was one of the largest cybercrime marketplaces and offered around 6 million records for sale.

Complaint Details.

According to the complaint filed on 21 April 2022, WT1SHOP was operated by a 36-year-old national of the Republic of Moldova identified as Nicolai Colesnicov. The marketplace offered vendors stolen information including around 1.7 million login credentials like PII, approx. 25,000 scanned passports, driver’s licenses, 108,000 bank accounts, and 21,800 credit cards – Buyers could buy the records using Bitcoin

The website had 106,273 registered users and 94 registered sellers as of December 2021. By June 2020, WT1SHOP had sold 2.4 million credentials for $4 million. This included retailers’ and financial institutions’ login credentials, email credentials, PayPal accounts, and ID card details. Moreover, it also sold credentials for remote access and control of computers, network devices, and servers.

Shutting Down of WT1SHOP.

Authorities traced Bitcoin sales on the marketplace, and payments were made to its web host and email IDs. The login information was identified to be linked to Colesnicov. WT1SHOP was seized by Portuguese authorities, and four domains (wt1shop.net, wt1store.cc, wt1store.com, and wt1store.net) were taken down by their counterparts in the USA.

After the website and its domains were seized, the DoJ unsealed the website seizure and criminal complaint. It was announced by the US Attorney for the District of Maryland, Erek L. Barron, and FBI’s Washington Field Office, Criminal Division’s Special Agent in Charge, Wayne Jacobs. 

Colesnicov has been charged with trafficking in unauthorized access devices and conspiracy. He could get a maximum penalty of ten years in federal prison if convicted.

 

 

Thursday, September 8, 2022

Samsung Data Breach Exposed Private Data of US Customers.

 

Samsung has announced that it suffered a data breach in July 2022 involving the personal data of US customers. The incident happened in late July this year and was discovered on August 4th, 2022.

According to the South Korean technology giant, the incident resulted in the breach of private user data such as names, dates of birth, product registration data, demographic information, and contact numbers.

Samsun sent out an email alert to its users after a hacker managed to breach the security of the tech giant’s US systems and stole customers’ data.

The company assured that the breach didn’t impact its customers’ credit card numbers and social security data, which was also stored in the system. The company has yet to disclose the number of affected customers but has notified them through an email sent on Friday.

Samsung noted that the breached data may vary according to relevant customers and that none of the consumer devices were hacked by this breach. It also stated that its business operations or customers stayed unaffected.

Nevertheless, the company claims to have implemented necessary measures to prevent similar incidents and offers uninterrupted services to its customers. Samsung has also hired a private cybersecurity and law enforcement agency to investigate the latest incident.

Those impacted in this breach are advised to remain cautious of phishing scams, track their credit profiles, and check Samsung’s privacy policy and FAQs section.

Second Data Breach in 2022

It is currently unclear who perpetrated this attack. But, it is certainly not the first time the tech vendor has suffered a data breach. In fact, Samsung has been a victim of several data breaches in the recent past. In March 2022, the company confirmed suffering a data breach after the Lapsus hackers leaked 189 GB worth of sensitive data online.

 

The Lessons To Learn From Nomad Crypto Hack.

 

In what sounds like a case of gross negligence, Nomad, a new start-up in the cryptocurrency space, lost $190 million in a series of hacks. But in this instance, calling it hacks is being too nice. Usually, hackers require skills and strategies that take time and effort to execute. 

Apparently, in Nomad’s case, the attacks were a “free-for-all” crypto spree where anyone, even people with no prior IT skills, could seize on the platform’s shortcomings and withdraw crypto from its accounts. To make matters worse, the hackers could even withdraw more that was available in the accounts. 

If you’re baffled like we are, grab onto your socks and keep reading to learn more about what might have transpired at Nomad.

What is Nomad Crypto Startup?

Nomad is a crypto wallet or bridge that lets you transfer crypto from one blockchain network to another safely and conveniently. Obviously, not. But crypto bridges work by wrapping tokens on one network to an equivalent amount on another. This might sound complicated, but it’s really not. Think of wrapped tokens as representations of the value of the original token on other platforms. 

Furthermore, Nomad is a blockchain messaging platform that allows players such as developers to share arbitrary data across chains and even make smart contracts. The service makes online collaborations when developing blockchain applications while working from different regions much more convenient.

What Safety Considerations Should You Have When Buying Crypto?

It’s unfortunate, but the world of cryptocurrency is cutthroat in every sense of the word. On the business side, hundreds of currencies exist, and more are joining the market every day, driving up the competition. There are also hundreds of different crypto products at various stages of their development process. Furthermore, we are also only starting to understand the real implications of blockchain technology and cryptocurrencies.

Unfortunately, this has also created the perfect storm for scammers and players with malicious intent to thrive. For instance, in the case of Nomad, even though we still maintain that this is a case of gross negligence, it also reflects the prevalent evils in this space. However, vulnerabilities, where anyone can just walk into a platform and withdraw more than there is, should not exist in the first place. 

The pill is easier to swallow when you hear hackers went on a phishing expedition or discovered a system flaw that moves the industry’s security forward. As such, you should be very keen with any dealings or transactions you make with crypto to avoid being one of the victims. 

One way to protect yourself is to buy crypto with a prepaid card that does not link back to your primary accounts or personal information. This will limit your risk of losing more than is on the prepaid card if you get hacked or compromised somehow. 

You should also only sign on to crypto services like bridges, wallets, exchanges, and currencies on reputable platforms with a proven safety record. As important as first adapters are to the product introduction cycle, we can all agree it’s safer to step back from new ones in the crypto scene. This will ensure you’re not one of the people who lose their investments from hacks like the one witnessed at Nomad.

A problem to Solve

The truth is that stories of people invested in a new crypto venture losing their money are common in the news today, and we have all but grown numb and accustomed to them. But it should not be this way. 

For far too long, hackers and ill-prepared crypto platforms have cost far too many their crypto investments and confidence in the system. And even though, in Nomad’s case, they have attempted to recover the lost funds, we think it’s time authorities take a hard look at the crypto industry and provide ulasting solutions to the problems that plague it.

 

 

The Benefits Of Blockchain In The Travel Industry.

  Blockchain technology advocates say it’s poised to disrupt numerous industries, ranging from finance to supply chain tracking and real e...