Once a niche product, cryptocurrency has gone mainstream. Allied Market Research expects the global crypto market to reach nearly $5 billion by 2028, more than triple its estimated size in 2020. As the traditional finance industry embraces cryptocurrencies, a new business model known as “decentralized finance” (DeFi) is growing in popularity. In a DeFi model, customers purchase products on a public and decentralized blockchain network and seal the deal with smart contracts instead of going through financial intermediaries.
The blockchain ledger itself is hard to tamper with, and crypto proponents argue that DeFi’s distributed model further improves security by spreading out risk. However, the front- and back-end web technologies that crypto companies use to run trading exchanges and host digital wallets (web servers, DNS and CDN accounts, cloud consoles, employee laptops) are not built on blockchain, and those systems are as vulnerable to cyberattacks as those used by traditional finance companies.
DeFi platform BadgerDAO found this out the hard way in early December 2021, when it lost roughly $120 million to an attack that targeted its front-end web infrastructure, specifically its Cloudflare Workers deployment. The attackers compromised BadgerDAO’s Cloudflare account, then used Workers, Cloudflare’s serverless computing platform, to inject malicious JavaScript into the pages served from BadgerDAO’s domain. The smart contracts themselves were never broken: users who loaded the tampered front end were prompted to approve transactions that let the attackers drain their wallets.
The BadgerDAO attack was not an isolated event. DeFi platforms have lost at least $10.5 billion to cyberattacks in 2021. Notably, this figure was calculated before the attack on BadgerDAO, as well as an attack on BitMart, which lost an estimated $200 million.
Because cryptocurrency is so new, many crypto businesses are startups, and their cybersecurity defenses lack the maturity of established commercial banks and other traditional finance companies. This makes them “soft targets” for cybercriminals, and can also make it very difficult or impossible to obtain cyber insurance.
Here are 5 cybersecurity defenses that cryptocurrency businesses must implement to reduce their risk and protect their customers’ assets.
1. Intrusion Detection & Intrusion Prevention Systems (IDS/IPS)
IDS and IPS work in tandem. An IDS inspects network traffic and compares it against a database of signatures for known threats, raising an alert when traffic matches one. As its name indicates, an IDS only monitors and detects; it blocks nothing, which is why it is paired with an IPS. An IPS sits inline, performs deep packet inspection, and drops traffic that fits the profile of a known threat. Two caveats follow from this design. Signature-based detection only catches attacks that already have a signature, so it must be complemented by anomaly detection and the other controls below. And because an IPS blocks in real time, a poorly tuned rule blocks legitimate customers as readily as attackers, so new rules should run in detect-only mode and be reviewed before they are enforced.
2. Endpoint Detection and Response (EDR)
EDR systems are frequently the first control that catches complex attacks such as ransomware and zero-day exploits, for which no network signature exists yet. They collect and analyze telemetry from endpoints such as employee laptops and servers (process launches, file and registry changes, network connections), raise alerts when they see anomalous or malicious behavior, and can isolate a compromised endpoint so the threat does not spread across the network. EDR gives security professionals a view of a threat across its entire lifecycle: how it entered the network, what it is doing, and how it can be remediated.
3. External Penetration Testing & Internal Vulnerability Assessments
In a penetration test, an ethical hacker simulates the actions of a cybercriminal, using a targeted approach to see if they can defeat a network’s security defenses. Regular external penetration testing is the most direct evidence an organization has that its internet-facing assets resist unauthorized access and abuse, with the caveat that a test is a point-in-time snapshot and must be repeated after significant changes. SECNAP’s External Penetration Testing services produce reports that include current vulnerabilities, prioritized by severity, and the actions the organization can take to resolve them.
An internal vulnerability assessment is a comprehensive review of an organization’s internal network that focuses on vulnerabilities that can be exploited by authenticated internal users as well as unprivileged guests. Unlike penetration tests, which attempt to exploit vulnerabilities, vulnerability assessments identify, rank, and report on them. Devices within the network are evaluated for backdoors, malware, trojans, and misconfigurations. Remedial actions are recommended and prioritized so that the organization’s IT team can address the vulnerabilities immediately.
Periodic penetration tests and vulnerability assessments are required by many compliance frameworks. PCI DSS, for example, requires penetration testing at least annually and after significant changes, plus quarterly vulnerability scans.
4. Managed SIEM
A managed security information and event management (SIEM) solution is a key defensive security tool. SIEMs aggregate log and event data generated by organizational assets, such as security software and appliances, network infrastructure devices, and applications. The SIEM correlates this data, identifies anomalous activity, and generates an alert. This enables security personnel to assess and respond to threats immediately, while they can still be stopped or mitigated. After an incident, security personnel can use the audit trail the SIEM has preserved to reconstruct the event, identify any persistence the attacker left behind, and harden network systems against future attacks.
However, a SIEM is only as good as the people who tune and monitor it, and most organizations lack the internal staff to do so around the clock. Even after filtering out noise, a SIEM in an average organization generates around 10,000 alerts per day; larger organizations can see 150,000 or more. For this reason, organizations should look at managed SIEM offerings that include real-time monitoring from a 24/7/365 security operations center (SOC), with correlation rules that roll raw events up into a small number of actionable alerts.
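The correlation step is where a SIEM earns its keep: thousands of raw "failed login" events are worthless on their own, but a burst of failures from one source address followed by a success from that same address is one high-severity alert worth waking someone up for. The following is an added example of that logic, not code from the original page or from SECNAP; the log format, the source addresses and the thresholds are all assumptions, and the log lines are constructed for the example.

```python
"""Toy SIEM correlation rule: a burst of failed logins from one source
address, followed by a successful login from that address while the burst is
still inside the time window, is escalated to a single high-severity alert.
The log format, addresses, names and thresholds below are assumptions made
for this example; the log lines are constructed, not captured."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed format: "<ISO-8601 time> auth ip=<addr> user=<name> result=<OK|FAIL>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log: a user who mistyped a password twice (harmless),
# a password-spraying burst from one address that ends in a successful
# login, and one line the parser cannot read.
SAMPLE_LOG = """\
2021-12-02T09:00:01Z auth ip=203.0.113.7 user=bob result=FAIL
2021-12-02T09:00:09Z auth ip=203.0.113.7 user=bob result=FAIL
2021-12-02T09:00:20Z auth ip=203.0.113.7 user=bob result=OK
2021-12-02T09:01:00Z auth ip=198.51.100.23 user=alice result=FAIL
2021-12-02T09:01:02Z auth ip=198.51.100.23 user=alice result=FAIL
2021-12-02T09:01:03Z auth ip=198.51.100.23 user=admin result=FAIL
2021-12-02T09:01:05Z auth ip=198.51.100.23 user=alice result=FAIL
2021-12-02T09:01:06Z auth ip=198.51.100.23 user=treasury result=FAIL
garbage line that does not parse
2021-12-02T09:01:09Z auth ip=198.51.100.23 user=alice result=FAIL
2021-12-02T09:01:40Z auth ip=198.51.100.23 user=alice result=OK
"""


def parse_line(line):
    """Return an event dict, or None for a line that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {"ts": ts, "ip": m["ip"], "user": m["user"], "result": m["result"]}


def correlate(lines, fail_threshold=5, window_seconds=120):
    """Process events in arrival order (so this also works on a live stream)
    and return the alerts the rule produced."""
    recent_fails = defaultdict(deque)   # ip -> timestamps of failures inside the window
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # a real SIEM would count unparseable lines as a health metric
        q = recent_fails[ev["ip"]]
        # Slide the window: forget failures older than window_seconds.
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            if len(q) == fail_threshold:  # fires once, as the count crosses the line
                alerts.append({"severity": "medium", "rule": "login_burst",
                               "ip": ev["ip"], "count": len(q), "ts": ev["ts"]})
        elif len(q) >= fail_threshold:
            # Success right after a burst from the same address: likely a
            # guessed or stuffed credential. Clear the queue so it fires once.
            alerts.append({"severity": "high", "rule": "burst_then_success",
                           "ip": ev["ip"], "user": ev["user"], "ts": ev["ts"]})
            q.clear()
    return alerts


def timeline(lines, ip):
    """Audit trail for one source address, for post-incident reconstruction."""
    return [(ev["ts"].isoformat(), ev["user"], ev["result"])
            for ev in map(parse_line, lines) if ev and ev["ip"] == ip]


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG.splitlines()):
        print(a["severity"].upper(), a["rule"], a["ip"], a["ts"].isoformat())
    for row in timeline(SAMPLE_LOG.splitlines(), "198.51.100.23"):
        print(*row)
```

Two design points matter in practice. The window is what separates a live attack from background noise: with the same data and a 5-second window the burst never reaches the threshold, so nothing fires. And the rule emits one medium alert when the burst starts and one high alert when it succeeds, which is the shape a SOC analyst can act on, rather than the seven raw events the web tier logged.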
5. Web Application and API Security Analysis
As the Log4Shell vulnerability in the Log4j logging library (CVE-2021-44228) has shown, web application attacks are costly, destructive, and widespread. In the past five years, 56% of the largest cybersecurity incidents involved web application security issues. Additionally, the average time to discovery for web application exploits is a stunning 254 days. While organizations in all industry verticals need to be concerned about web app attacks, the risk is particularly dire for apps designed to handle money, including virtual currencies.
A web application and API security assessment exercises the application the way an attacker would: authentication and session handling, input validation, authorization between users and roles, and the third-party scripts, CDN configuration and APIs the front end depends on. It gives security personnel an understanding of the application’s exploitable flaws, along with prioritized recommendations for remediation.
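The BadgerDAO incident described above is the case a web front-end assessment has to account for: the application code was fine, but what the edge platform served to users was not. One check a practitioner can run continuously against a DeFi front end is to fingerprint the scripts a page actually serves and compare them to a baseline captured from a known-good deployment. The following is an added example of that check, not code from the original page, from SECNAP or from BadgerDAO; the page contents, the script URLs and the domains are constructed for the example.

```python
"""Front-end integrity check: fingerprint every <script> on a served page
(external sources by URL, inline bodies by SHA-256) and diff against a
known-good baseline. Script injected by someone who controls the CDN or
edge platform shows up as a new external source or a new inline hash.
The HTML below is constructed for this example; example.com and
example.net are documentation domains, not real deployments."""
import hashlib
from html.parser import HTMLParser

# Constructed baseline: the page as captured from a known-good deployment.
BASELINE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script>window.APP_VERSION = "1.0";</script>
</head><body><div id="root"></div></body></html>"""

# Constructed tampered copy: same page with an extra external script and an
# extra inline script, the kind of change an attacker with edge access makes.
TAMPERED_HTML = """<html><head>
<script src="/static/app.js"></script>
<script>window.APP_VERSION = "1.0";</script>
<script src="https://cdn.example.net/helper.js"></script>
<script>document.addEventListener("click", function(){/* hypothetical hook */});</script>
</head><body><div id="root"></div></body></html>"""


class ScriptCollector(HTMLParser):
    """Collect external script URLs and hashes of inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = set()
        self.inline_hashes = set()
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # html.parser hands script bodies to handle_data as raw text.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            body = "".join(self._buf).strip().encode("utf-8")
            self.inline_hashes.add(hashlib.sha256(body).hexdigest())
            self._in_script = False


def fingerprint(html):
    p = ScriptCollector()
    p.feed(html)
    p.close()
    return {"external": p.external, "inline": p.inline_hashes}


def check_page(baseline_html, observed_html):
    """Diff the observed page against the baseline. Anything added is treated
    as tampering; anything missing is reported but not flagged on its own."""
    base, obs = fingerprint(baseline_html), fingerprint(observed_html)
    result = {
        "new_external": sorted(obs["external"] - base["external"]),
        "missing_external": sorted(base["external"] - obs["external"]),
        "new_inline": sorted(obs["inline"] - base["inline"]),
        "missing_inline": sorted(base["inline"] - obs["inline"]),
    }
    result["tampered"] = bool(result["new_external"] or result["new_inline"])
    return result


if __name__ == "__main__":
    print(check_page(BASELINE_HTML, TAMPERED_HTML))
```

Two caveats apply to a check like this. It is detective, not preventive: it tells you the page changed after the fact, so it belongs alongside Content Security Policy and Subresource Integrity on the page itself, which make an injected script fail to load in the first place. And it only sees what it fetches; an edge that serves different content to different visitors can hide from a monitor that always fetches from the same place, so the fetch should come from the same vantage points your customers use.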
How SECNAP Can Help
Traditional finance companies can afford to invest millions of dollars in world-class security technologies to protect their customers’ assets. Young and early-stage cryptocurrency companies cannot afford these costs, but that does not mean they have to go without comprehensive cybersecurity.
SECNAP Network Security’s CryptoJacketTM cybersecurity platform fully addresses the security needs of cryptocurrency companies at an affordable cost. CryptoJacket is fully SOC 2 compliant and includes an IDS/IPS, EDR, external penetration testing and internal vulnerability assessment services, a managed SIEM, and web application and API security analyses.
Reach out to SECNAP today for a free consultation with our security experts, who will meet with your cryptocurrency IT team, review your network/cloud architecture, and provide advice and counsel for “locking down” your architecture from a security standpoint.