Security Expert Examines Latest FBI DeFi Warning

Security Expert Examines Latest FBI DeFi Warning

Investors are pouring millions of dollars into encryption as concerns over data security fuel a growing need for ways to protect personal and corporate information from prying eyes — © AFP

Recent USA FBI Advisory Alert was released to investors. The warning indicates that cybercriminals are increasingly exploiting security vulnerabilities in decentralized finance (DeFi) platforms to steal cryptocurrencies.

Looking at the background of the warning about digital magazine Surya Chatterjee, Head of Products & Alliances at Skybox Security.

Chatterjee explains why the US government sought to issue an alert and what the implications are: “The FBI issued an alert noting that attackers are targeting known common vulnerabilities and risks (CVEs) on decentralized finance platforms to steal cryptocurrencies.”

There have been several government warnings about cybersecurity issues in recent months. Chatterjee says: This is the latest urgent reminder that cybercriminals are increasingly targeting known vulnerabilities lurking in plain sight and turning them into backdoors for deploying complex attacks that are increasing at a record rate. If organizations rely on traditional vulnerability management approaches, they may initially move to only fix the highest severity vulnerabilities based on the Common Vulnerability Scoring System (CVSS).”

The reason is that many companies follow a similar path when developing their control systems. Here Chatterjee points out: “Cybercriminals know that this is how many companies ensure their cyber security, so they have learned to use vulnerabilities considered less important to carry out their attacks. The Skybox Research Lab recently discovered that new cryptojacking programs up 75% over last year.

Cryptojacking is the unauthorized use of other people’s computing resources to mine cryptocurrency.

Despite the risk, something can be done. Chatterjee explains: “To stay ahead of cybercriminals, companies need to address the risks of exposure to vulnerabilities before hackers attack them. This means a more proactive approach to vulnerability management by learning to identify and prioritize open vulnerabilities across the entire threat landscape. Proactive vulnerability management approaches can significantly reduce the time and resources spent by threat teams reactively searching enterprise-wide indicators of compromise (IoC) and indicators of attack (IoA).”

Chatterjee further recommends: “A robust risk management program explicitly links vulnerabilities to appropriate malware names and types (such as Cryptocurrency Miner) to improve MTTD/MTTR and reduce the risk of enterprise-wide hacking. Organizations must ensure they have solutions in place that can quantify the business impact of cyber risk in the economy. This will help them identify and prioritize the most important threats based on financial impact, among other risk analyzes such as impact-based risk assessments.”

Chatterjee’s final piece of advice is: “It’s critical for organizations to increase the maturity of their vulnerability management programs so they can quickly discover if they’re affected by vulnerabilities and how urgently they need to be fixed.”

Previous Post
Black smoke rises at the front line in Mykolaiv, northwest of Kherson region, where Ukraine has launched a major operation to reconquer lost territory
Blog

Opinion: Ukrainian offensive achieves much more than it seems

Next Post
A 'We Are Hiring' sign is seen in front of a restaurant in Los Angeles, California in August 2022
Blog

Slow down or not? The US labor market is on a tight rope

Leave a Reply

Your email address will not be published. Required fields are marked *