Story image

Maximising blockchain’s potential with privilege controls - CyberArk

13 Mar 2019

Article by CyberArk A/NZ solutions engineering manager Andrew Slavkovic

Blockchain continues to be lauded as a technology that will open myriad new possibilities and solve endless business problems.

However, there are still many questions around how the distributed ledger technology can be best applied to securely conduct, verify and record the online transactions that cause the biggest headaches.

Following the rise in the value of Bitcoin and other cryptocurrencies, the size of the global blockchain technology market is set to reach US$7.59 billion by 2024 – representing a 37.2% compound annual growth rate over the next five years.

Estonia and other countries are taking the lead by migrating an increasing number of government services to blockchain-based transaction systems, however, the technology is still comparatively nascent in Australia.

The Australian government’s Digital Transformation Agency (DTA) recently declared that blockchain is still a solution looking for a problem.

While it finds the technology has potential, the DTA has not yet identified how blockchain can deliver better value for government services over other traditional solutions.

This national commentary is compounding the uncertainty around how to best secure blockchain and ensure its fit for purpose.

Blockchain, like any technology, has its downfalls.

Despite its inherently secure design, security is of particular concern.

While blockchain itself is considered to be ‘safe’, vulnerabilities can be targeted on the endpoints – where the technology interacts with less secure environments, such as common business networks. Business network infrastructure usually relies on standard IT components, including servers and databases, where cyber risks and vulnerabilities are well established.  

If an attacker is able to leverage a vulnerable entry point, such as an unprotected device or IoT sensor, and gain entry into a distributed ledger that doesn’t have the appropriate privilege controls in place, the application underpinned by blockchain is no longer secure.

One of the key threats leveraging this attack path is a new breed of malware known as cryptominers, which targets the cryptocurrency transactions that blockchain underpins.

Cryptominers take over a computer’s resources and uses them for illicit cryptocurrency mining.

The server, application, and ledger processes can be compromised, and attackers can tamper with the entries in the ledger.

Successful exploits can result in attackers being able to impersonate authenticated users and access sensitive data.  

Trend Micro reported that between January and July 2018, cryptomining attacks increased by nearly 1000% compared to the second half of 2017.

The appeal of cryptomining, compared with other exploits like ransomware, is the simple conversion of electricity and access to computer hardware into money – in most cases completely undetected.

Here are some tips for organisations looking to secure the blockchain against endpoint vulnerabilities:

  • Gain better control over the entire IT environment. By having more effective oversight – especially concerning IT administration activities and monitoring their use of privileges – businesses will have a greater understanding of both legitimate and suspicious activity.

  • Firewalls and antivirus software are not enough. Businesses must authenticate and record individual access into the blockchain environment to avoid fraudulent activity, and secure against privileged attacks that result in the compromise of the ledger.

  • Establish user security provisions. It’s a fine balance to retain user flexibility on the endpoint without compromising security. Containments and security policies can be added to allow applications to run when accessed by trusted users, and alternately block applications when suspicious activity is detected.

  • Leverage endpoint behavioural analytics. This emerging technology allows businesses to monitor and identify unusual activity. Such analysis will help businesses proactively lock down accounts with suspicious activity, thereby mitigating security risk in real time.  Once suspicious or malicious activities have been identified ensure the endpoint is able to take relevant actions to prevent further damage.

Blockchain has remarkable features that offer great potential.

Ground-breaking applications are being trialled across industries including financial services and healthcare.

However, businesses must ensure the environment the technology interacts with is secured.

Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
SAS partners with NVIDIA on deep learning and computer vision
“By partnering with NVIDIA, we combine our strengths to augment human intelligence and realise the true potential of AI.” 
Why businesses must embrace automation to ensure success
“For many younger workers, the traditional view of a steady job at one company, perhaps for life, simply doesn’t reflect reality."
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."