Description

If the attacker has the control over the hypervisor, then the full access to VMs will be under threat. In order to overcome this situation, the following plans and ideas can be helpful. The document outcome is the ideas discussed among the SMEs.

Mitigation Ideas

1. Limit the access to admin

2. PEN Testing the accounts to evaluate the security. Example: Brute force test on password.

3. Having Backups of Hypervisor and nodes for Fallback/re-deployment

4. Performing Audits periodically

Response Plan

1. Updated backups that can be written over the compromised systems.

2. A Kill-switch to stop the process.

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Point of Contact: Rily and/or Robert

Second Responder Team

Point of Contact: Kyle and Haxhi

Description

There are possibilities that Government can restrict/ban crypto in the country or in any particular province. If that is the situation, the following plans helps in overcoming the problem. Also, provide the responder team who can clarify the status of that condition and possible solutions.

Mitigation Ideas

1. Always having a proactive design to avoid the regulatory compliance

2. A separate role to monitor the regulatory trends

3. Having a duplicate setup in another country

4. Lobby the Govt to have a Crypto friendly policy

5. Stay away from promoting ideas that could cause regulation issue

6. Have a legal counsel

7. Anonymous users as witnesses

Response Plan

1. Create Server space to Offload several services in other countries with Jurisdictional ability.

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Point of contact: Jonathan / Leadership Team

Second Responder Team

Point of contact: Team B

Description

The network run the servers which can become expensive for the user based on the demands, usage and availability. In this case, to maintain the users the following plans and ideas can be useful. Also, the point of contact to understand the issue is listed in this section.

Mitigation Ideas

1. Increase liquidity to bring value to the token.

2. Run a node with less demand, Find a way for it.

3. To avoid compilation, provide the binaries of witness_node and cli_wallet.

4. Create best practices to build cost effective nodes

5. Have Periodic sync-up with other witnesses to learn about the ways remain economical.

6. Static-linking of libbitcoin

7. Publish minimum requirements to witnesses to maintain the standard spec across the platform.

8. Provide the Personal Package Archives (PPA) on ubuntu.

Response Plan

1. Increase witness / SON pay

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Point of Contact: DOCS Team

Second Responder Team

Point of Contact: Dev Team (For Static Link / PPA)

Description

Power is the key factor to run any server. There are situation where the power and backup can fail to switch back which halt the servers to come up. It can be any disaster, natural calamities, accidents, etc., In order to overcome this situation, the following ideas and plans were proposed by the SMEs. This can help the user to understand the possibilities and person to help in retrieve the situation to normal.

Mitigation Ideas

1. Providing a backup to backups.

2. Plan Tier-3 availability.

3. Generators for critical operations with auto-on features over power failure.

4. Key actors need to have clear communication among themselves

5. The mirrored servers can be Off-premises

6. Maintenance Team with 24/7 availability

Response Plan

1. Re-deploy the services such as AWS, Linode, etc., whenever in need

2. Pre-written redeploy plans for critical services

3. Start the Generator

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Point of Contact: Jonathan / Maintenance Team

Second Responder Team

Point of Contact: Kyle and Riley respectively

The list of risk discussed in this document are,

1. Too expensive servers for witnesses/SONS

2. Witness node not reachable

3. Witnesses get DDOS'd

4. Bad actor infiltrate witness/SONs

Description

Bad actors can be a threat to any organization. As they infiltrate and gather confidential information about the company. Those action must be considered as critical and proper action must be taken to avoid the risk. The following points can help the user to have some idea about how to overcome this problem.

Mitigation Ideas

1. Follow a robust on-boarding and vetting procedure, while accepting a witnesses/SONs.

2. Witnesses should be able to keep their anonymity.

3. Implement proof of pulse consensus.

4. Ensure setup of witnesses is simple to lower barrier to entry.

5. Encourage active voting and participation.

6. Publish witness stats in central location periodically.

7. Use a White hat to identify the vulnerabilities in any account with user's consent. (White hat -Ethical security hacker)

Response Plan

1. Deeper monitoring of chain activity.

2. Push notification for any large transaction (Whale alert)

3. Establish a "Forensic Team" that can recognize any malicious activities of a witness.

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

There are two members who can inspect the issue,

1. Log-Diving analyst

2. Forensics Team

Second Responder Team

The voters can inform about the invaders, if any.

Description

The witness node can be unreachable at times due to several reasons. In order to overcome this situation the following ideas and plans can be helpful.

Mitigation Ideas

1. Create a witness chat room with group call functionality.

2. The witnesses should keep note of cell numbers of other witnesses as much as possible.

3. At least, one group where all the witness/ SONs should reside.

4. Create a separate portion for Witnesses in Scenes

5. A Dashboard to track the status of witnesses and chains.

Response Plan

1. Can we create a witness buddy system

2. Cross-post calls for action - Rocket chat, Telegram, Scenes, etc.,

3. Get familiar with common hubs used by witnesses

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Firstly, the Witnesses themselves have to communicate about the problem with the team. So that, the issue will be know to the team and solution can be provided at the earliest.

The entire Peerplays network works in a Bunker. There are several things that might bring down the network. This document covers the possible risks along with the plan to solve any such occurrences. Though there are several possible risks, only 4 risks are filtered based on the audience (SME's) choice.

The list of Risks discussed are

1. DDOS

2. Hypervisor Compromised

3. Power and backup Failure

4. Crypto Restriction

The Risk register document helps the user to have an understanding about the risk that has occurred/ might occur in Peerplays. The document focus on the top 3 risks that are voted by the SMEs, categorized as High risk and also provides the possible solutions to solve the risk.

The document has the section which features the Responder Team which is vital to inform about the issue and to find the solution to solve the issue.

The inputs are gathered from the SMEs and categorized as mentioned below,

1. Bunker Issue

2. Core-Block Issue

3. Credential Security

The risks discussed in this document are,

1. NEX Open source Vulnerabilities

2. Key Logger, access to NEX deployment

3. Password manager hacked

4. SONs active keys exposed in configuration

Description

DDOS attack will deny the User to connect with any online services, sites, and application. This is a cyber attack and it's unpredictable. If a user come across any such circumstances, the below ideas, response plan can be helpful.

Mitigation Ideas

The following ideas are listed based on the inputs from SMEs

1. Having Load balancers in place.

2. A method to detect DDOS attack while they originate.

3. Using services like CloudFlare to secure the internet connectivity.

4. Limit the number of connections (Reasonable counts).

5. Direct communication with ISP NOCs.

6. Keeping the Backups servers Off-premises .

7. Find a good counter-measure software to stop/fight against the attack.

Response Plan

1. If attack has happened, the servers can be flipped to backups.

2. Communicate with marketing team depending on the services attacked.

Responder Team

In order to find the solution / to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Devops Team Point of contact: Haxhi

Second Responder Team

Development Team

Description

Keylogger can also be as source to reveal the User's details with the hacker. A User must be aware of such malicious activities and prevent themselves from losing their information. This section helps the user with ideas and plans from SME's to overcome the situation.

Mitigation Ideas

1. If the main deployment is compromised, then shutdown & re-deploy immediately.

2. Run anti-virus and anti-keylogger software to scan network devices.

3. Create an anti-phishing system that can capture the malicious activities such as code duplication and deploying in other environment. The User should be know that the code is not from original/official.

4. Isolate the compromised system in locked environment to perform RCA.

5. Monitoring service that polls the deployment and notifies key parties whenever the hosted code changes.

Response Plan

1. Remove the infected account in the GIT lab settings.

2. Inform all the users and employees that will be impacted by the attack.

3. Perform a rapid DNS switchover to site with "Down for Maintenance" status until deployment is recovered.

4. Chain analysis to find the number of affected users.

5. Contact GitLab for help.

6. Any possibilities to have a counter-cyber crime employee to hack the hackers?

7. Article about the hacker attack, https://decrypt.co/108015/nears-rainbow-bridge-blocks-another-attack-costing-hackers-5-ethereum

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Point of Contact: DEV or Network Ops

Second Responder Team

Point of Contact: Community Outreach though any User forum

Description

NEX is an open source application which might paves way for any security threat. So, this section helps the user to have some ideas to overcome the issue.

Mitigation Ideas

1. Maintain a list of "endorsed" deployments (URL list) to capture any unauthorized deployment.

2. Audit all the code including smart contracts, sites regularly.

3. PEN Test run in the production environment related to NEX

Response Plan

1. Alert message the community about the invaders.

2. Any scope to build API nodes that can blacklist specific services.

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

If any suspicious activities are observed, the observer can inform about it through any User forum. All the users must be informed about it.

Second Responder Team

Point of contact: DEV OPS, NEX devs

Description

In some cases, the witnesses themselves will be DDOS'd and will be denied access to use the application. This is critical and the following plans, ideas will help in sorting the issue to provide some solution.

Mitigation Ideas

1. Witnesses should have a backup or DDOS protection.

2. Maintain backup node which can monitor and do automatic failover.

3. Create a basic witnesses node that can take over automatically at once the public witnesses fail.

4. Create witness backup in different location.

5. Any temporary Fallback strategy for witness outage??

6. Any Recommendation to witnesses about some reliable DDOS protection service ??

Response Plan

1. Outline proper procedure to be taken during the event of DDOS attack.

2. Allocate individual resources to communicate periodically with witnesses about the protective measures and procedure to prevent DDOS attack.

3. Can vote out a witnesses who is been attacked, until they are able to get back on track

4. If attack is persistent, have some IAC (Infrastructure as code) to redeploy the witnesses elsewhere.

5. In case, if any witnesses missing blocks in a row, then Notification should pop-up.

6. Automated system messages in witness chat.

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

The Witness / party that notices the issue.

Second Responder Team

The witness recovery - Liasson

Description

If there is a possibilities that active keys getting exposed in the configuration, then the following ideas can be considered as a solution.

Mitigation Ideas

1. QA process to detect any key exposure

2. Proper code review has to be done before code merge to avoid conflict.

3. Process in place to cycle active keys.

4. Using active key of Operator account on server instead of SON account active key - Whether custom_permission can be used to limit the damage caused by any Key?

5. Can we make config files encrypted which can be accessed only via their own passphrase?

6. Is it possible to write SONs code not to be dependent on the active key ?

7. Any possibility to get certain config value comes from ENV variable?

Response Plan

1. Shut down SON, change the active key.

2. Vote out SON

3. Use Owner key to change the active key.

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Point of Contact: SON operator

Second Responder Team

Point of Contact: The community, who can vote out SON

Description

A strong password is always recommended to keep the accounts safe from hackers. Still, there are many software techniques in the industry to hack the password and use it against the owner. As the world is digitalized, crimes also getting smarter to acquire our wealth. In case, if the passwordr manag is hacked, the following ideas might be helpful in overcoming the situation.

Mitigation Ideas

1. Have back-up of all stored passwords.

2. Keep the high-profile passwords securely and don't save them in the password manager.

3. If cloud services are in use, then use self hosted backup.

4. Use a company hosted password manager (Bitwarden)and force 2FA as one of the factor.

5. User should use 2FA wherever possible.

Response Plan

1. Plan to change the password periodically.

2. Inform all employee who will be affected by this disruption.

3. Use back up to reset passwords of all account.

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

The employee whose credential has be hacked, should first inform the details to the Team. So that, the action to stop the intruder can be taken care.

Point of contact: Rily

Second Responder Team

Point of contact:

1. DevOps

2. System Admin