
Published on April 8th, 2022

A look at what’s new in cybersecurity



On February 2nd, the largest DeFi (decentralized finance) hack of the year took place. Hackers exploited a vulnerability in the popular token bridge Wormhole and stole 120,000 wrapped Ether tokens, worth $322 million. As a token bridge, Wormhole allows users to send and receive different types of crypto without a centralized exchange.

The platform uses a lockup/mint and burn/unlock mechanism to transfer tokens between blockchains. The hackers took advantage of a vulnerability on the Solana side of the token bridge to pull off the crime. It was the second-largest DeFi attack in history and the biggest hack of 2022 so far. It’s a clear sign that DeFi institutions are a favorite new target of hackers. The good news is that there are some promising developments in cybersecurity happening later this year.

New Tools for Penetration Testing

To prevent hacks like the Wormhole attack, decentralized platforms must think like hackers. In other words, they need to use penetration testing and vulnerability scanning. Vulnerability scanning attempts to identify security flaws in your network, and penetration testing attempts to exploit them. In the second half of 2022, a slew of new penetration testing tools is set for release.

An Email Phishing Analysis Tool

Phishing scams are a pain point for any organization to contend with, and they can be tricky to spot. ThePhish is a new email analysis tool that automates the process of weeding out phishing emails. It integrates with Cortex, an active response engine with over 100 analyzers built in. ThePhish extracts indicators such as IP addresses and domains from suspect emails and feeds them into Cortex for analysis, which determines whether the email is a phishing scam or not.
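The indicator-extraction step described above, as an added Python sketch (this is not ThePhish's own code, and submitting the results to Cortex is left out). The sample message, the INTERNAL ranges and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string, policy
from email.utils import getaddresses
from urllib.parse import urlsplit

# Constructed sample message: documentation IP range and reserved example domains.
SAMPLE_EML = """\
Received: from mail.example.net (mail.example.net [203.0.113.45])
 by mx.example.org with ESMTP; Fri, 8 Apr 2022 10:00:00 +0000
Received: from localhost (localhost [127.0.0.1]) by mail.example.net
From: "IT Support" <support@example.com>
Reply-To: helpdesk@example.net
Subject: Password expiry notice

Your password expires today. Sign in at
http://login.example.com/reset?id=1 or hxxps://portal[.]example[.]net/a
"""
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
INTERNAL = [ipaddress.ip_network(n) for n in  # hops that reveal nothing external
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def refang(text):
    """Undo common defanging (hxxp, [.]) so obfuscated links are still parsed."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")

def extract_indicators(raw):
    """Return de-duplicated IP and domain observables from a raw email."""
    msg = message_from_string(raw, policy=policy.default)
    ips, domains = set(), set()
    for hop in msg.get_all("Received", []):
        for cand in IP_RE.findall(str(hop)):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:  # e.g. 999.1.1.1 passes the loose regex
                continue
            if not any(ip in net for net in INTERNAL):
                ips.add(str(ip))
    senders = msg.get_all("From", []) + msg.get_all("Reply-To", [])
    for _name, addr in getaddresses([str(h) for h in senders]):
        if "@" in addr:
            domains.add(addr.rpartition("@")[2].lower())
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in URL_RE.findall(refang(body.get_content() if body else "")):
        host = urlsplit(url).hostname
        if host:
            domains.add(host)
    return {"ip": sorted(ips), "domain": sorted(domains)}
```

A From domain that differs from the Reply-To domain, as in the sample, is worth flagging for the analyst alongside the extracted observables.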

A Test Platform for API Security





Beyond crypto platforms, APIs are another favorite target of hackers. That’s why every company needs to secure its APIs as best it can. Also, blind API is something companies can greatly benefit from. There’s also vAPI, or Vulnerable Adversely Programmed Interface, which is a safe environment for testing API security. vAPI works by mimicking the OWASP API top 10 vulnerabilities in a lab-style environment so users can learn about them. It’s available as open-source software for download.

A Fuzzing Tool for Speeding Up Network Applications

Testing network applications is a time-consuming process. Time constraints can inhibit an organization’s ability to test its network apps properly. SnapFuzz is the brainchild of researchers from Imperial College in London. It’s a fuzzing framework that constantly checks for anomalies and bugs that are slowing things down. It’s an ideal tool for organizations with network application speed problems.

The New PCI Data Security Standard v4.0 

In March, the PCI Security Standards Council released a new version of PCI DSS, the first new version since 2018. Version 4.0 claims to address emerging threats in the cybersecurity space. Changes include implementing MFA (multi-factor authentication) to access all cardholder data environments. That will beef up security measures for credit cardholders, making their accounts more secure. There are also some semantic changes, such as replacing ‘firewall’ with ‘network security controls.’ This was done to support a broader range of security technologies beyond firewalls.

The Wormhole attack was a wake-up call to many DeFi platforms. Cybersecurity continues to change at a rapid pace, meaning organizations need to stay extra vigilant when checking for vulnerabilities. In order to keep up, companies need to use as many cybersecurity tools as they can. The second quarter of 2022 is set to see the release of some attractive penetration testing tools and a new PCI DSS for more secure transactions.
