A Paradigm Shift in the Cybersecurity Arms Race
September 11, 2024
Written by CJ (@irncrypt) — Naoris Protocol advisor
Since the inception of blockchain, the ability to verifiably prove the truth in a decentralized and cryptographically sound manner has been at the core of its success and has served as a driving force for innovation over the past decade — allowing for the creation of disruptive applications across finance, gaming, entertainment, privacy and more. By etching data in an immutable fashion into the fabric of the Internet that is non-centralized, we unlock capabilities that allow us to re-engineer solutions to critical world problems.
Technology moving at such a rapid pace can at times be considered a double-edged sword.
While good for productivity and innovation, the risk of sacrificing stability and security still exists. It is no secret that we’re currently in a cybersecurity arms race. Both defenders and attackers alike are constantly scrambling to build better capabilities in order to overthrow their adversary. It has become all too common to hear of significant data breaches in the news, whether state-sponsored, organized cybercrime, or other. The fact is, although cyber defense is improving and spend is increasing year on year, even with the advent of cloud computing, individuals, businesses, public services, governments, and the military are still falling victim to cyberattack on a massive scale. The impact is not limited to the technological and financial either — lives are at stake as critical infrastructure such as hospitals, nuclear power stations, air traffic control, etc. are all being targeted. Furthermore, without sufficient controls in place, innovation and the advancement of ‘Web3’ will likely suffer since most of the tech is deployed on traditional ‘Web2’ infrastructure. Web3 also presents new and unique challenges that require a modern security solution in order to succeed.
Typically for any effort made to secure a system or network, there exists an adversary making attempts to subvert it. However, it is important to understand that the objective is not to build a system that is 100% secure — as this is likely impossible.
The goal is to possess sufficient defensive capability that will render a negative return on investment for the adversary.
One of the reasons attackers are so successful is their ability to operate within ‘dwell time’, the metric that measures the period from assumed initial intrusion up to the time of detection, at which point the incident response and remediation effort can begin. According to the Mandiant M-Trends 2022 report, the median dwell time is 21 days — however, it also notes that around 8% of organizations endure a dwell time of over a year and a half. In addition, detection is only part of the challenge — organizations must also be capable of mounting an effective response to ensure threats have been sufficiently neutralized in a timely manner. Unfortunately, most organizations are ill-equipped to implement the necessary counter-measures, especially against an advanced adversary, let alone discover the breach in the first place. In fact, most organizations fail at the most fundamental step in any cybersecurity program — understanding what assets they own. As the security adage goes — you cannot defend what you do not know about.
To understand the state of cyber security across the industry, we only need to look at breach headlines over the past couple of years:
- Ukraine Nuclear Power Plant Hit By Major Russian Cyber Attack (August 2022)
- NHS Hit by Major Cyber Attack (August 2022)
- Axie Infinity — Hackers Pulled Off a $620 Million Crypto Heist (March 2022)
- Blockchain Bridge Wormhole Suffers Possible Exploit Worth Over $326M (February 2022)
- Massive SolarWinds Hack has Big Businesses on High Alert (December 2020)
Our reliance on technology continues to increase year on year, for better or for worse, but it is clear that we don’t yet have a handle on security as a whole. The further integration of technology into our lives is a trend that is unlikely to change anytime soon either. From smart homes, smart cars and smart cities — where marketing departments of such corporations see use cases, utility and revenue — bad actors simply see an abundance of attack surface to pilfer and exploit for profit or otherwise.
The time to reshape the cybersecurity landscape is now. Blockchain technology presents us with a unique opportunity to approach challenges from a fundamentally different perspective — to create a robust layer of trust for every device on the planet that will form the next generation of the Internet.
It is time for Naoris Protocol.
Naoris Protocol is a decentralized cybersecurity mesh that leverages a purpose-built blockchain to deliver a trusted enforcement layer via a novel consensus mechanism known as ‘decentralized proof of security’ or ‘dPoSec’. Devices that join the mesh become peer-to-peer validator nodes, reporting their cyber trust status, as well as validating the status of others. Devices may join the mesh by installing a software agent or ‘dApp’, which provides a direct channel of communication to the blockchain, ensuring there is no centralized authority or control in place. Almost any device can be adopted, from Android mobile phones, to Windows laptops, Linux servers and IoT, among others. Naoris Protocol can be deployed even in highly centralized environments due to its peer-to-peer mode of operation and in doing so mitigates any single point of control in the security management and governance structure.
This is compelling for a number of reasons and truly enables a paradigm shift in cyber defense strategy. For most organizations, accounting for, managing and securing devices across the enterprise is a serious challenge — especially when disparate devices traverse a multitude of environments such as home, office, cloud and mobile. It is extremely rare to find an organization that has achieved 100% coverage in terms of asset management, let alone ensuring their predefined security policy is applied to each device. It is ironic that we now cater for a more decentralized technology environment, where employees can ‘work from anywhere’ yet our security controls remain centralized and in essence a single point of failure.
Bad actors prey on mismanaged devices and insecure configuration.
A single crack in an organization’s security posture is simply an opportunity for an adversary to gain a foothold — and they are probing for such weaknesses around the clock. Contrary to popular belief — hacking is not like the movies — there is rarely a hooded anon sitting in a dark room with his or her trigger finger hovering over the keyboard ready to input the command ‘./cybernuke.exe -t <target>’ before an organization is brought to its knees. It’s much more of a nuanced approach that begins with reconnaissance. An adversary will perform in-depth research and attack surface mapping to understand an organization’s security posture, before homing in on select targets with identified vulnerabilities. These vulnerabilities may be facilitated via social engineering — where the attacker engages directly with the user to subvert their trust and have them unknowingly execute an attacker-crafted payload on their device — or it may be a web-facing vulnerability that can be exploited directly. In any case, if the target in question is unmanaged, does not have the organization’s security policy applied or contains inherent weaknesses, it is very likely to succumb to attack and end up compromised.
A compromised device is effectively an attacker-operated machine; whether the organization has detected the intrusion is another question.
From this point, the attacker can continue his or her objective from a new vantage point, typically from an elevated level of trust inside the organization’s environment, perhaps moving laterally to target more critical infrastructure. In the industry this is referred to as ‘offense in depth’, and the longer the adversary has to operate, the more devices he or she can potentially acquire and control, increasing the chances of a significant data breach by extracting or modifying sensitive data. A breach attempt tends to unfold more like a campaign rather than a single-action take-down. This can happen in any environment too: a data center hosted banking network, cloud-based social media company, air-gapped nuclear power station, Web3 validator node infrastructure — the list goes on. However, the strategy almost always remains the same: perform reconnaissance, map the attack surface, gain a foothold, elevate permissions, move laterally towards critical targets, exploit and complete actions based on objectives.
You may be wondering ‘air-gapped nuclear power station?’ Yes: this must be part of a threat model that caters for ‘what if’ scenarios in order to prepare adequate counter-measures for when it *does* happen. Risk management from a cybersecurity perspective is similar to trading the markets — it is unwise to think in absolutes and instead more advantageous to plan for various scenarios ahead of time, weight them in terms of probability, then execute when the time is right. This is known as having an ‘assume breach’ mindset.
To continue with the example threat case above, an adversary may leverage social engineering as an attack vector — perhaps he or she has identified an employee who works at the nuclear power station and has made a threat to convince that employee to deliver malware via USB stick to the air-gapped network. Unfortunately, in cyber-warfare, the possibilities are endless and the imagination of the adversary is plentiful, but if we are able to detect state change and the introduction of potentially harmful stimuli to such systems and networks, we have a much better chance of taking action before real harm is done. This is why advanced adversaries rely on stealth tactics leading up to the delivery of a malicious payload — and sometimes after. More time to operate equates to a higher chance of success. It is when attacks are thwarted swiftly that key vantage points are lost.
The Era of Cloud Computing
In the last decade or so we have witnessed a steady migration to cloud-based services, which was accelerated by the pandemic. The ability to become a tenant and adopt productivity and security tooling from providers such as Amazon, Microsoft and Google that can be instantly delivered to users for a monthly subscription fee is compelling. Such platforms are purpose-built to facilitate rapid adoption — giving organizations an instant upscale in technological capability. From a cybersecurity perspective, this has transformed traditional perimeter-based security — where organizations would typically adhere to a ‘castle defense’ type strategy and ring-fence their infrastructure and users at an office or datacenter location (or both) — into a more dynamic approach that caters for a modern way of working: think Salesforce, Gmail, Microsoft Office and most other browser-based services.
Focusing on the security element — this has likely produced a net positive as technology giants are able to invest vast amounts of capital to ensure their platforms contain cutting-edge features that are backed by teams of practitioners — as well as bringing a form of standardization to the industry. However, it should be noted that amidst the promise of solving traditional security problems, new challenges arise within the new frontier that is the cloud. The battlefield has merely shifted, for the war still rages on.
As promising as cloud technology can appear, from a cyber defense point of view there is a fundamental flaw present that is at odds with a founding principle of sound cybersecurity strategy and business continuity — to remove any single point of failure within a security or governance structure. In modeling a potential worst case scenario: if the cloud provider itself is compromised, the tenant being serviced by the cloud provider is at risk of compromise also. In such a scenario, there is also an industry-wide risk of contagion given the mass adoption of such platforms. Furthermore, the tenant organization may not be in a position to detect downstream compromise nor defend itself appropriately, as their security tooling may be disabled, dysfunctional or inaccessible. This is the great weakness of reliance on centralized systems.
Solving this inherent centralized design flaw was one of Naoris Protocol’s founding principles and thus baked into their ethos from inception. Trust can only truly exist if it can be verified as coming from a source of truth. By leveraging blockchain technology, Naoris Protocol can verify a device as being secure, as well as what it is reporting as truthful. Without such a system, implicit trust is required. If a device has been compromised but not yet identified as such, it has the potential to masquerade as a legitimate device while reporting false information to remain undetected. Naoris Protocol enables organizations to implement a layer of trust that is cryptographically verifiable and backed by consensus through blockchain technology that is complementary to any existing technology stack. This allows organizations to continue benefiting from their current capability, while mitigating single points of failure from centralized systems.
To Recap:
- Unmanaged and poorly configured devices are a liability as they can be easily compromised and used as a foothold to mount a subsequent attack phase.
- Attackers thrive during dwell time — the period during which the organization has not yet detected their presence in the environment. It provides attackers with more time to operate.
- A vast array of techniques exist to deliver a payload to a target. Reducing the mean time to detect and the mean time to respond in order to neutralize an adversary as quickly as possible is what will prevent initial intrusions from turning into data breaches that end up in the headlines — where company intellectual property and/or financial impact is significant.
- The ability to detect state change, identify threats and disrupt an adversary before real harm is done is paramount.
- Cloud-based security platforms may provide a variety of benefits and uplift an organization’s defensive capability — however the single point of control within the security and governance structure must be mitigated with a decentralized solution — such as Naoris Protocol’s decentralized cybersecurity mesh.
Naoris Protocol is a Game Changer
Naoris Protocol adopted devices constantly report their cyber-trust status as well as provide validation for every other device on the network, thus creating a robust layer of trust that is interconnected and always monitoring for state change or deviation from security policy. This makes networks stronger as they grow, not weaker.
THIS is a fundamental game changer.
Devices can no longer be left unmanaged, unaccounted for and/or poorly configured. There is now a binary state to consider. They are either part of the Naoris Protocol mesh or they are not. If they are part of the mesh, any degraded security status will be reported and thus fail validation, rendering the device untrustworthy and in turn isolated from the mesh, unable to communicate within the intended environment. This means that by default only devices that are healthy and conform to the organization’s security policy with sound configuration can participate. From a security point of view, this now shifts the balance very much in favor of the defenders.
As we know, unmanaged and/or vulnerable devices present an opportunity for an adversary to gain a foothold and mount the initial phase of an attack. With Naoris Protocol, no such devices exist. The very means of compromising a device would produce a state change and cause the device to fail validation, losing its membership of the mesh. The attacker would then be unable to utilize the device as a pivot point to progress further. The intrusion would also alert the organization’s security team and be investigated from a position of containment, with no further threat to the rest of the environment.
This advancement in security capability is not limited to traditional environments either — Naoris Protocol is building a ‘HyperStructure’ that will serve as a next-generation cyber-trusted validation layer for almost all devices on the planet, across Web2 and Web3.
As per the whitepaper, the following design principles form the HyperStructure ethos:
- “Unstoppable — It runs indefinitely, and devices and networks can adopt it or abandon it, but it cannot be stopped.”
- “Permissionless — Users and builders cannot be deplatformed — it is censorship resistant and accessible by anyone.”
- “Minimally Extractive — Near base cost fees disincentivize forking while powering an ecosystem development treasury managed by the DAO.”
- “Valuable — Conceived to be a for-public endeavor, and yet, extremely valuable to own and govern, which sparks an ecosystem around it.”
- “Expansive — It has built-in incentives for users to behave fairly and for builders to build on top of it.”
- “Positive Sum — Wide adoption and usage of the protocol results in a win-win environment for all network participants.”
- “Credibly Neutral — To be adopted by a wide range of governance structures, companies and individuals, HyperStructures need to be radically neutral.”
Furthermore, the technology is complementary and does not compete with existing solutions. In line with a sound cybersecurity strategy that promotes ‘defense-in-depth’, where controls are implemented in a layered fashion to counter a variety of threats, Naoris Protocol can be added to an existing environment via software rollout, where devices will immediately begin to inherit the benefits of a decentralized blockchain-based cybersecurity mesh.
Example Threat Cases
To provide insight into the specific threat cases that Naoris Protocol mitigates, here are some examples below. Please note this is not an exhaustive list.
Data Corruption or Tampering with Oracles
Oracles provide a method by which blockchains can interact with external data. It is therefore extremely important from a functional perspective that the blockchain is able to trust the data that the oracle provides. Failure to do so could result in devastating consequences. As an example, many DeFi products rely on real-time financial market data in order to provide services via their dApp. Naoris Protocol is not only able to secure the oracle, it can also derive value as a function of time: users of the protocol can cryptographically verify the length of time for which the oracle has been trusted. This is arguably just as important as understanding its current cyber-trust status, given the application’s context. In addition, typical security audits focus on a ‘point in time’ security state across a sample of devices. By using Naoris Protocol, an organization is able to prove the length of time each device in the enterprise has been in a cyber-trusted state.
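The ‘trusted for how long’ claim above, and the fail-validation-and-isolate behaviour described under ‘Naoris Protocol is a Game Changer’, as an added illustration that is not Naoris Protocol’s own code: a hypothetical per-device hash-chained attestation log, where each status report commits to the previous one, so a verifier can both reject a rewritten history and compute the continuous period a device has reported a trusted status. The record layout, field names and the ‘trusted’/‘degraded’ status values are assumptions for this example.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical attestation record: one status report a device submits to the
# mesh. Field names and the two status values are assumptions for this
# illustration, not Naoris Protocol's own format.
@dataclass(frozen=True)
class Attestation:
    device_id: str
    timestamp: int    # Unix seconds at which the status was reported
    status: str       # "trusted" or "degraded"
    prev_hash: str    # digest of the previous record (the chain link)
    digest: str       # SHA-256 over this record's fields plus prev_hash

GENESIS_HASH = "0" * 64

def record_digest(device_id: str, timestamp: int, status: str, prev_hash: str) -> str:
    # Canonical JSON so every verifier hashes exactly the same bytes.
    payload = json.dumps(
        {"device_id": device_id, "ts": timestamp, "status": status, "prev": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(payload).hexdigest()

def append(chain: List[Attestation], device_id: str, timestamp: int, status: str) -> List[Attestation]:
    """Append a new attestation linked to the current chain head."""
    if chain and timestamp < chain[-1].timestamp:
        raise ValueError("attestation timestamps must not go backwards")
    prev = chain[-1].digest if chain else GENESIS_HASH
    chain.append(Attestation(device_id, timestamp, status, prev,
                             record_digest(device_id, timestamp, status, prev)))
    return chain

def verify_chain(chain: List[Attestation]) -> bool:
    """Recompute every link. Editing a record breaks its digest; re-hashing the
    edited record instead breaks the prev_hash of every record after it."""
    prev = GENESIS_HASH
    for a in chain:
        if a.prev_hash != prev or a.digest != record_digest(a.device_id, a.timestamp, a.status, a.prev_hash):
            return False
        prev = a.digest
    return True

def trusted_since(chain: List[Attestation], now: int) -> Optional[int]:
    """Seconds of continuous 'trusted' status up to `now`.
    Returns None when the device is currently degraded or its history does not
    verify; in both cases the mesh treats it as untrusted and isolates it."""
    if not chain or not verify_chain(chain) or chain[-1].status != "trusted":
        return None
    start = chain[-1].timestamp
    for a in reversed(chain):
        if a.status != "trusted":
            break
        start = a.timestamp
    return now - start

def build_sample() -> List[Attestation]:
    # Constructed history for one oracle host: trusted, a policy deviation
    # reported at t=3000, remediated by t=4000, trusted since.
    chain: List[Attestation] = []
    for ts, status in [(1000, "trusted"), (2000, "trusted"), (3000, "degraded"),
                       (4000, "trusted"), (5000, "trusted")]:
        append(chain, "oracle-01", ts, status)
    return chain

def hide_incident(chain: List[Attestation]) -> List[Attestation]:
    # A compromised host rewriting its own history to erase the degraded record.
    edited = list(chain)
    a = edited[2]
    edited[2] = Attestation(a.device_id, a.timestamp, "trusted", a.prev_hash, a.digest)
    return edited

if __name__ == "__main__":
    chain = build_sample()
    print("chain valid:", verify_chain(chain))                    # True
    print("continuously trusted for:", trusted_since(chain, 6000))  # 2000
    print("rewritten history valid:", verify_chain(hide_incident(chain)))  # False
```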
Crypto Exchange Compromise
Crypto exchanges are a common target for attackers for obvious reasons. In addition, crypto exchanges often run feature-rich software and provide interaction through APIs for both users and bots — resulting in a vast attack surface. Typically a misconfiguration or vulnerability in running software can expose the exchange directly, resulting in exploits leading to data manipulation, user account access, wallet access and so on. Such an attack would cause a Naoris Protocol adopted device to fail security validation — immediately ring-fencing the exchange instance and preventing further communication. Such an event could then be alerted upon for the relevant security team to investigate.
Endpoint Defense Evasion
Endpoint security solutions, aka ‘anti-virus’, have greatly improved in the last decade, moving from simple signature-based detection, where the solution can only identify malware it has been informed about by the vendor through definition updates, to ‘next-generation’ anti-virus that incorporates machine learning techniques to identify malicious behaviors. It’s therefore no surprise that cyber-criminals invest a lot of time into researching techniques to bypass such controls so that they can continue to operate uninterrupted upon device compromise. If this were to occur with a Naoris Protocol adopted device, the modification to the anti-virus software, i.e. the attempt to ‘evade defenses’, would result in a failed security validation — isolating the device and triggering an alert. This means that any attempt to evade the running anti-virus software, successful or otherwise, would render the device unusable for the attacker.
Malware Infection of Industrial Control System (ICS) for Nuclear Power Plant (NPP)
Critical and highly sensitive infrastructure is typically air-gapped to prevent malware infection from the Internet or local networks. Unfortunately, malware can still be introduced via physical means such as a USB stick carried in by an employee. One of the most famous and sophisticated pieces of malware was the Stuxnet worm, which affected an Iranian nuclear facility in 2010. This affected Windows systems, modifying files related to Siemens industrial software as well as PLC (Programmable Logic Controller) devices. The Stuxnet malware was also able to spread to other systems. For devices that are adopted by Naoris Protocol, any such activity would fail security validation and the device would be rendered untrustworthy, at which point the device would become isolated, preventing the further spread of infection.
$CYBER TOKEN & ECOSYSTEM
Those that have operated in the crypto space for a while should be familiar with blockchain ecosystems such as Ethereum, where Ether ($ETH) is required to facilitate transactions, to be used as collateral within DeFi products and/or to make purchases. As the number of applications, use-cases, utility and users increase, thus causing an uptick in transaction volume, typically the demand for $ETH also increases, which is usually reflected in price. In addition, once Ethereum moves to a Proof of Stake (PoS) consensus model, demand will further increase as users will be able to stake $ETH to help secure the network. Within the Ethereum blockchain, it is primarily the users who facilitate transactions via medium of exchange or smart-contract interaction.
Naoris Protocol is powered by the $CYBER token. Devices hold and exchange $CYBER tokens when performing security validations — enabling cyber-based policy enforcement that is backed by consensus, providing users of the protocol with an unparalleled level of trust in their environment. This machine-to-machine token economy rewards devices for good behavior as well as for providing context-based threat intelligence to the protocol as a whole. This is immensely powerful as it promotes an environment that is incentivised to maintain high security standards, as well as fueling an expansive global threat intelligence capability as the number of devices increases.
For example, if an energy supplier’s network is breached and mitigated, intelligence surrounding the incident such as the tactics, techniques and procedures (TTPs) used can provide value to other energy suppliers that implement similar technology. On top of this, Naoris Protocol leverages “Swarm AI” — a machine learning system based on decentralized swarm intelligence principles that is correlated with known threat models. This enables both anomaly detection and the identification of insecure devices and configuration that may not be reflected in an organization’s security policy. For example, a blockchain project may have inadvertently implemented insecure configuration across their validator node infrastructure — exposing an exploitable web-facing vulnerability. Swarm AI may detect this as an anomaly, as well as the configuration not aligning with best practice. This issue can then be alerted upon and remediated before any damage is done.
As well as understanding how value is generated based on protocol mechanics, we can also discuss a familiar term used across DeFi applications as well as highlight user-based interaction with the token.
Total Value Locked (TVL) is a term that is familiar to Ethereum native users, where the value of an application or protocol can be observed based on the monetary amount locked into a smart contract for various purposes such as staking, borrowing, lending etc. Naoris Protocol derives its value from Total Value Secured (TVS): the more valuable the networks that join the protocol, the more its value increases. Users can earn $CYBER tokens as staking rewards for helping to secure the network. In addition, from a commercial perspective, when an organization wishes to adopt Naoris Protocol, they are quoted an amount of $CYBER tokens required for their environment to function. The tokens that are part of the deployment are then borrowed from the staking pool, which directly increases demand for the token.
Summary
Naoris Protocol’s decentralized cybersecurity mesh makes for a compelling value proposition for any organization or governance structure across both Web2 and Web3, with the ability to help secure devices on a planetary scale. Given the inherent weakness of centralized security systems and the relentless increase of threats that currently cost the industry hundreds of billions of dollars year on year, not to mention the increasing abundance of interconnected devices in our everyday lives on both a domestic and national infrastructure scale, Naoris Protocol’s fundamentally game-changing approach is an absolute necessity in order to shift the balance. The combination of cutting-edge blockchain technology alongside a HyperStructure design ethos ensures that Naoris Protocol is not only a complementary layer of cyber-trust, but an entire ecosystem with an expansive defensive capability that grows as more devices are adopted.
About Naoris Protocol
Naoris Protocol is the Decentralized CyberSecurity Mesh for the hyper-connected world. Our disruptive design pattern makes networks safer as they grow, not weaker, by turning each connected device into a trusted validator node. A robust Blockchain protocol that every company can use to protect against the escalating levels of cyber threat.
Devices are rewarded for trusted behavior fostering a secure environment. Participants earn $CYBER staking rewards for securing the network.
The more users, businesses, and governance structures that use the Decentralized CyberSecurity Mesh, creating networks of networks, the stronger and more secure it becomes.