To mitigate DDoS-related risks, we recommend that anyone who is currently working on an ICO put their security first.
San Francisco, CA (PRWEB)
September 21, 2017
Wallarm, a global pioneer in AI-based cyber security solutions, helped TokenStars deter a series of application-layer DDoS attacks and prevent a security breach by cybercriminals looking to disrupt and hijack TokenStars’ Initial Coin Offering.
Blockchain talent development startup TokenStars initially announced that it was planning to hold its ACE token ICO on August 24, 2017. However, a few days before the intended date of the crowdsale, the official TokenStars website came under a series of sophisticated application-layer (L7) DDoS attacks conducted by unknown cybercriminals.
After an initial assessment of the situation, TokenStars decided to turn for help to its trusted cyber security partner, Wallarm. As the first step in protecting the TokenStars web infrastructure, the TokenStars security team installed the Wallarm Next Gen WAF solution. Upon installation, the Wallarm solution proceeded to discover and map the perimeter of the TokenStars web infrastructure and identified all the hosts that needed to be protected. During the second phase of implementation, Wallarm Node analyzed all incoming and outgoing HTTP requests. Based on this analysis, Wallarm was able to profile the normal operation of TokenStars’ web infrastructure and identify the attacks in progress. The Wallarm team discovered that the cybercriminals were using an application-layer (L7) DDoS attack that consisted of crawling and fingerprinting techniques, used as a smokescreen for a Cross-Site Scripting (a.k.a. XSS) attack.
Wallarm Threat Verification Engine validated this attack and was able to detect an XSS vulnerability on the main page of the TokenStars website. The TokenStars security team found evidence that the attackers had also discovered this vulnerability and started exploiting it, which would allow them to replace the content of the page shown to users when they visited the TokenStars website.
Wallarm’s experts believe that the attackers were preparing two attack scenarios through this XSS vulnerability: to access the control panel of the target website through an attack on the…