
Security Token Offerings Find a New Dawn with Blockchain Compatible HSMs

With the explosion of distributed ledger technology (DLT) as a safe and secure solution for the transparent handling and sharing of information across organizations, many are quick to jump on the DLT bandwagon. With blockchain’s industry value estimated to hit $23B by 2023, it’s hard to keep track of the blockchain-based financial solutions taking off left and right, such as ICOs and STOs.

Proponents of the distributed ledger technology known as blockchain consider it to be one of the best ways to secure transactions. But while blockchains have many desirable features, such as transaction efficiency, there are still other conditions to consider when it comes to leveraging the technology.

DTCC’s most recent paper on the matter outlines key risks associated with the use of DLT and acknowledges the many security risks still associated with its use for small businesses and enterprises alike. As the industry grows, so do its risks.

As security concerns related to the use of blockchain have continued to raise alarm bells across the nascent industry, the growing consensus among blockchain security experts highlights the need for blockchain-compatible security solutions that will directly address the threat of data theft and exploitation.

The excitement surrounding the use of Initial Coin Offerings (ICOs) over the past few years has been tainted by an onslaught of hacks, scams, and pivotal mistakes committed by investors. As it turns out, one of crypto’s biggest appeals — limited oversight and government regulation — also proves to be its greatest vulnerability.

But crypto assets are a new dawn. With the inception of the Security Token Offering (STO), the cryptosphere is beginning to reach true legitimacy in the financial world. Today, services such as TokenSoft’s offer a full suite of technology and consulting services for investors, helping them maintain, trade and manage the entire lifecycle of a digital security.

Earlier this month, TokenSoft announced its partnership with Tel Aviv-based cybersecurity firm Hub Security to provide clients of its transfer agent access to military-grade HSM protection. The military-grade hardware update ensures investors’ tokens and assets are safe and secure with Hub Security’s next-gen HSM and independent OS for the encryption, management and distribution of keys.

“TokenSoft’s new partnership with Hub Security allows us to provide members with top-tier, military-grade protection for their tokens, keys and assets –– accessible from anywhere in the world,” said Mason Borda, TokenSoft’s CEO.

Hub Security’s miniHSM device is the first of its kind to attempt to address the threat of data theft and exploitation head on. Built uniquely for the use of tokens, cryptocurrencies and other blockchain-based products, the device offers scalable, air-tight security that can support any blockchain-based digital asset.

Hub Security’s combination of hardware and software solutions includes an ultra-secure internal signing authorization flow with a multi-signature vault, a hardware firewall, access control, and a deep neural network learning system designed to anticipate and prevent cyberattacks.

Join Hub Security and TokenSoft online on Thursday, April 2nd for a free webinar with TokenSoft CEO, Mason Borda, to discuss the regulatory and security concerns surrounding the use and management of STOs.

Distributed Ledger Technology Implementations Require Refreshed Approach to Security, According to New DTCC Paper

A paper published in February by the Depository Trust & Clearing Corporation (DTCC) calls for a more coordinated strategy around the development of a principles-based framework to identify and address DLT-specific security risks. With the adoption of distributed ledger technology (DLT) expected to grow in financial services, the DTCC’s white paper, Security of DLT Networks, outlines recommendations for establishing a comprehensive industry-wide DLT Security Framework.

Established in 1999, the DTCC is a holding company that consists of five clearing corporations and one depository, making it the world’s largest financial services corporation dealing in post-trade transactions. In 2011, the DTCC settled the vast majority of securities transactions in the United States and close to $1.7 quadrillion in value worldwide, making it by far the highest financial value processor in the world.

The paper outlines the need for today’s organizations to review existing security guidelines, gaps in their approach to DLT security, and the need for increased standards. The paper also suggests the possible formation of an Industry Consortium to spearhead this topic.

“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said Stephen Scharf, Chief Security Officer at DTCC. “DLT offers great potential, but as with any new technology, it also comes with certain risks. Traditional security measures may not be adequate, so it is critically important that this topic is top of mind for any DLT implementation.”

According to the paper, the establishment of a DLT Security Framework would:

  • Assist in the completion of risk evaluations across an individual firm’s security assessments via best practices and tools, such as risk management & oversight, cybersecurity controls, third-party management, and incident & event management.
  • Address key aspects of the DLT key management lifecycle, including DLT-specific security considerations associated with the creation, maintenance, storage and disposal of sensitive information.
  • Provide security guidance and practices respective to account access with the use of cryptographic hash functions, standard authentication methods and bridging the security gap between DLT and traditional IT environments.

Many enterprises are beginning to pilot and deploy DLT. While many of these blockchain-based solutions are generally considered secure, as DTCC notes, they are not immune to security risks or regulatory constraints. Companies must begin to consider the security implications associated with the use of DLT as early in the project as possible. If there’s one takeaway from the paper’s release, it’s a crude warning to organizations: take careful consideration of your DLT solution’s security before writing a single line of code.

Global ‘Cloud Hopper’ Hacking Campaign Reveals Major Security Gaps in Cloud Security

The Wall Street Journal recently published a full-fledged report on its investigation into the state-sponsored Chinese global hacking campaign called ‘Cloud Hopper.’ The investigation reveals the true depth of the risks associated with compromised cloud data in one of the largest-ever global corporate espionage efforts.

Cybersecurity investigators first identified aspects of the hack in 2016, revealing that cyber-attackers allegedly working for China’s intelligence services stole volumes of intellectual property, security clearance details and other records from dozens of international companies over the past several years.

Hackers, known as APT10 to Western officials and researchers, gained access to cloud service providers where companies believed their data was being safely stored and protected. Once in, the hackers freely and anonymously hopped from client to client, evading investigators’ attempts to eliminate them. For years.

Now the WSJ is reporting that the attack was actually much worse than initially reported, going far beyond the 14 yet-to-be-named companies listed in the indictment. While most names are still hidden, it’s reported that the hack stretched across at least a dozen cloud providers, including CGI Group Inc., Tieto Oyj, and International Business Machines Corp. (IBM).

Some of the companies targeted include mining company Rio Tinto PLC (RIO) and health-care giant Philips NV. Both had highly sensitive data compromised in the attack, including mining prospects and sensitive medical data and research. The Journal also uncovered hundreds of firms that had relationships with breached cloud providers, including Philips, American Airlines Group Inc., Deutsche Bank AG, Allianz SE and GlaxoSmithKline PLC.

The Journal found that Hewlett Packard Enterprise Co. (HPE), also compromised in the attack, was so overwhelmed that the cloud company didn’t see the hackers re-enter its clients’ networks, even as it gave customers the all-clear. Even worse, it’s still unknown if the hackers remain in the companies’ networks today. The Journal reviewed data provided by Security Scorecard, a cybersecurity firm, and identified thousands of IP addresses globally still reporting back to APT10’s network between April and mid-November.

FBI Director Chris Wray said that access gained through cloud providers provided hackers with the equivalent of a master key to an entire apartment complex.

What made it worse was that, according to investigators in and out of government, many of the major cloud companies attempted to stonewall clients about what was happening inside their networks. Officials at the Department of Homeland Security grew so frustrated that they’re now reportedly working to revise federal contracts so that they would force the cloud companies to comply with future probes.
