In 2017, the majority of cryptocurrency startups, especially those from the CIS countries and Asia, did not pay enough attention to security because they wanted to bring their products to market quickly. This “Wild West” state of affairs and the release of projects without systems to protect investor funds provoked a downturn in the market.
Common types of attacks
The most common cyber threats include gaining access to the user’s PC or distributing malware that enables attacks such as Man-in-the-Browser.
According to Ernst & Young’s report, hackers stole up to $1.5 million every month through phishing attacks on ICO projects. The study also showed that cyber scammers steal a tenth of the funds collected through ICOs and about $2 million from cryptocurrency exchanges every month.
A study by Skybox Security states that in 2018 the number of cryptocurrency-mining viruses exceeded that of the previously popular ransomware Trojans. Over six months, crypto miners accounted for 32% of all cyber attacks, while scammers used ransomware viruses in 8% of cases. To avoid falling into the trap of such viruses, it is enough to use plugins that disable scripts on web pages and to ignore questionable programs on torrents.
What a security assessment consists of
To assess the security of a company’s systems, experts first create a threat model. Then, using manual and automated analysis, they identify and exploit vulnerabilities in order to understand how attackers could use them. The final report describes the actions taken at each stage of the assessment, along with recommendations for eliminating the vulnerabilities found.
In the case of a decentralized payment application, the auditors validate the source code of the contract and confirm its certification. Other application and infrastructure standards are carried over from the wider industry and are a mix of NIST, PCI DSS and ISO standards.
Many companies are now willing to spend at least $15,000 on a security assessment and the introduction of countermeasures in order not to lose their reputation or even their business. This covers penetration testing of applications and infrastructure, social and technical testing of the development team, and the use of a Bug Bounty program.
“This point of view is shared by the leaders of many cryptocurrency projects who are engaged in their security in the long term. Such a project can already be considered half valid,” says the CEO of Hacken.