
BlockChain and AFT attack

I am working on a research project for building a test network of Hyperledger Fabric and suffering from APT attack. Is there anyone with expertise in cybersecurity on blockchain tech? I need your advice for a more practical discussion.

Thx



  • G'day mate

    What software are you using to build your test Hyperledger Fabric?  And within what environment?  I'm keen to provide guidance here on what to do next, but I need more information.  Also, what's an AFT attack?

    ==

    When in doubt, Script it out.

  • For my current plan, a test network is suggested at

    https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html

    I prefer to work on theoretical analysis without developing any application layer and simulate the attacker's behavior protected by my proposed scheme. The AFT attack is coming from a paper and I am trying to reproduce it.

    I need cybersecurity advice to check if my simulation is practical, as my expertise is error control coding.

    According to the literature, 

    Advanced persistent threat (APT)[5] is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data. APT attacks are usually launched by government-backed hackers to steal data. APT attacks build hidden Command and Control (C&C) channels to steal resources remotely. Smart contracts represent a vulnerability of blockchain technology to APT attacks because of their sandbox-style open execution environment. An APT attacker will attempt to exploit a target system which has a controlled input and output structure of a smart contract. After the target system is exploited, the attacker will attempt to escalate his privileges to the highest level. If this privilege escalation fails, the attacker will use the victim node as a network proxy. This means that no code is required to be written to the drive and the attack code can be executed dynamically in the memory only. Depending on the attack requirements, malicious code can be embedded into a smart contract to avoid disruption by the security infrastructure to the greatest possible extent.

    The consequences of such intrusions are vast, and include:

    • Intellectual property theft (e.g., trade secrets or patents)
    • Compromised sensitive information (e.g., employee and user private data)
    • The sabotaging of critical organizational infrastructures (e.g., database deletion)
    • Total site takeovers
  • Ah, so two things as a result of your details provided, thank you for this.

    You mention an 'AFT attack coming from a paper and I am trying to reproduce it' - what I'd like to clarify is whether this paper is also available to read?  Is there an internet source?

    Secondly, you've provided a description of an 'Advanced Persistent Threat' or APT.  Which, I'm assuming, is something different than an AFT?  Or is AFT a spelling mistake?  And/or is AFT a type of attack that is attributable to an APT actor?

    I can't find anything on AFT so please do help me to understand better.

    From my own perspective, any computing platform that is made available to others to interact with is a target for attack.  Whether or not it's a viable target comes down to its availability and potential return on investment for an 'APT Group'.  Having said that, no one should assume their computing platform or application is immune - I'm under the impression you have this opinion too, hence why you're here!

    Please share more on what actual experience you are having - blockchain and cryptocurrency are targets for many threat actors.

    In the meantime, and specific to the Hyperledger Fabric you're looking at, they have a well documented security program and have detailed past issues, vulnerabilities and shared pen tests from their platform.  Worth a read to ensure you're not using a vulnerable version and have followed the recommended practices before building one up.

    https://wiki.hyperledger.org/display/SEC/Project+Audits

    Finally, if you're finding yourself under attack from an APT group, how have you managed to determine this?

    ==

    When in doubt, Script it out.

  • Sorry about the typo, I did not notice that AFT should be APT. I sent you the paper to check the literature.

    I will consider your suggestion; it seems a good start to my project.

  • Thanks Hans.  I'll have a read and get back to you with any obvious recommendations.

    Thanks for reaching out.

    ==

    When in doubt, Script it out.

  • So nice to hear from you, and I am starting to study fundamental cybersecurity as well.