As banks embrace crypto, a defense blueprint is born

As U.S. financial regulators roll back previous restrictions on cryptocurrency activities and create new regulations designed to enable banks to engage in such activities, a new cybersecurity framework offers a detailed look at how cyberattackers break down and exploit digital assets.

MITRE, a national security research firm, is best known in cybersecurity for the company's ATT&CK framework, which is a major, open standard — a library of knowledge — about how cyberattackers think and operate. The framework is free to use, as it comes with a nonexclusive, royalty-free license for any use, including commercial purposes.

This week, MITRE launched AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a framework that seeks to bring the value of ATT&CK to the world of digital asset payment technologies. AADAPT is designed to help companies systematically secure this technology by understanding how those who attack these systems think and work.

"Digital payment assets like cryptocurrency are set to transform the future of global finance, but their security challenges cannot be ignored," said Wen Masters, vice president of cyber technologies at MITRE, in a press release. "With AADAPT, MITRE is empowering stakeholders to adopt robust security measures that not only safeguard their assets but also build trust across the ecosystem."

The value of cybersecurity frameworks, explained

One way of securing any computer system is vulnerability scanning. This is like checking your home for unlocked doors, open windows or a weak lock. Vulnerability scanning identifies the static weaknesses that an intruder can exploit.

Vulnerability scanning has a place in any good cybersecurity program, but another powerful approach is understanding how cyberattackers operate. This is where MITRE frameworks come in.

MITRE frameworks are libraries of knowledge that teach how burglars scout a neighborhood (reconnaissance), how they force open a door (initial access), what they do once inside to avoid being seen (defense evasion), how they find your valuables (discovery) and how they get out with them (exfiltration).

The value the MITRE ATT&CK framework offers, and that the AADAPT framework also looks to bring, is helping companies break down the techniques and tactics their cyber adversaries use. Here's what that means:

"Techniques describe the means by which adversaries achieve tactical goals," according to the AADAPT framework. They represent how an adversary achieves a tactical objective by performing an action, and sometimes they represent what the adversary gains. Examples in the AADAPT framework include market manipulation using pump and dump schemes and stealing unsecured credentials.

In contrast, tactics represent the why of a technique — the reason an adversary performs an action. Tactics in the AADAPT framework include gaining initial access to a system, performing reconnaissance and avoiding detection.

The tactics and techniques of crypto hackers

The AADAPT framework lists 11 tactics and 66 techniques that cyberattackers use against digital asset payment technologies.

Here's a small sampling of those techniques and the tactics they represent, as well as the identifiers MITRE has assigned them:

  • Technique: Exploiting smart contract implementation (ADT3012). In this technique, adversaries manipulate transactions, steal funds or compromise system integrity by exploiting deficiencies in smart contract programming or execution environments. This includes vulnerabilities like reentrancy (ADT3012.005), where an attacker repeatedly calls a function before a previous call completes to drain funds, and oracle manipulation (ADT3012.004), where attackers alter external data feeds to deceive smart contracts into unauthorized actions. These three techniques are examples of execution (TA0002), which is the tactic of trying to run malicious code.
  • Technique: Market manipulation (ADT3021). This is a class of attack in which adversaries artificially influence asset prices or market conditions. Related techniques include pump and dump (ADT3021.001), which is artificially inflating an asset's price to sell at a profit, and wash trading (ADT3021.003), which is rapidly buying and selling the same asset to create the illusion of market activity. The AADAPT framework notes that market manipulation attacks are less likely to impact fiat-pegged stablecoins due to their centralized control and regulatory oversight. These techniques are examples of impact (TA0040), which is the tactic of trying to manipulate, interrupt or destroy a system and its data.

As banks continue to add services to support stablecoins and provide custodial services for crypto assets, the need for robust security frameworks like AADAPT becomes paramount.

Miles Paschini, CEO of FV Bank, one bank building stablecoin services, recently told American Banker that new regulations will "likely bring more non crypto-native users into the stablecoin market, necessitating more supporting services, such as compliance, risk and payment processing."

AADAPT aims to provide a framework for financial institutions to tackle these security challenges.
