Case study: Hacken Provides Pentest and Anti-Phishing Services to Remme
Company description: distributed Public Key Infrastructure
Service: Anti-Phishing and Penetration Testing
Today we want to introduce you to REMME, our newest security partner. Firstly, it is vital to mention that their token sale could have been a clear example of how social engineering can ruin an ICO. However, Hacken managed to eliminate the threat that came in the form of 1500 bots, a DDoS attack, and several fake websites. And now, we can proudly claim that our client successfully completed its token sale raising nearly $20 million. Considering the fact that REMME put great efforts into protecting investors, it is evident that the company has a bright future; thus, we expect other valuable products after the release of their passwordless application.
The project first became popular thanks to their innovative solution for passwordless authentication. As a result, it raised the major part of their goal ($18 million) within just 24-hours, and we are glad that took an active part in its success.
Black Hat Hackers are on the Rise
The numbers vary as to how much cyber crime will cost by 2019, 2020, or 2100. The most important matter is that hackers cause great harm to all human spheres including crypto and IT, and it’s not just about the millions of dollars stolen every year, the investors lose their ability to trust, while ICO projects, in general, lose credibility and loyalty with each successful theft of customer funds. In that way, many brilliant and worthy projects slip into obscurity. Thus, we see that everywhere companies are upping their cybersecurity budgets in an attempt to lower the catastrophic costs of a potential data breach.
What is REMME?
No more passwords — and no more break-ins. REMME aims to provide next-gen access protection by making passwords obsolete. It is designed to facilitate and resolve access management by building the distributed Public Key Infrastructure protocol and the set of DApps on top of it.
REMME uses blockchain technology to create a distributed certificate management system that has no single point of failure. In other words, if a certificate is valid or revoked, the information will be stored in a decentralized way with the help of blockchain. REM token is the superpower boosting the whole ecosystem, operating like a license or digital key and granting its holders access to REMME PKI and DApps.
Hacken’s Methods and Strategies for Defense
We want to share with you how our white hats applied anti-phishing protection to REMME:
- The preparation of infrastructure and optimization of resources was carried out. Load testing was performed, which subsequently allowed them to recover DDoS 60 Gbps successfully.
- In the automatic mode, monitoring was carried out, while more than 3 thousand different mentions of REMME a couple of days before the ICO and during the ICO were processed in social networks, sites, forums and telegram channels in order to identify phishing activity.
- More than 4 different phishing domains and several separate phishing companies were detected and blocked, some of which were advertised in popular social networks. More than 10 fake wallets were marked and added to the phishing database. The average time from detecting the domain to blocking it was less than 3 hours and most of them did not even have time to start advertising.
Also, as we have mentioned, Hacken coordinates the protection of REMME’s infrastructure with rigorous penetration testing. With that, all of these potentially fatal vulnerabilities were detected and fixed:
- 1 dangerous vulnerability CSRF (Cross Site Request Forgery, also known as СSRF) — the type of attacks on website visitors using the disadvantages of the HTTP protocol.
- 1 XSS (Cross-Site Scripting) vulnerability in two different parameters — type of attack on the web system, which lies in the introduction into the web page of the malicious code page (which will be executed on the user’s computer when he or she opens this page) and the interaction of this code with the attacker’s Web server.
- 1 CORS (Cross-origin resource sharing) — a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
Experts all over the world advise that no one should rely on compliance alone but should seek to identify any and all possible vulnerabilities to outpace the ever-growing number of cyber attackers. Companies of all sizes should expect cyber thefts and data breaches. As because of this unfortunate reality, there should always be the strongest protective measures in place, at all times.
Thus, the trustworthy and promising startup, REMME, implements effective and simple to understand authentication to protect the access of people and devices from cyber attacks. They ordered cyber protection services from top professionals and now have the best possible chances to reach their token sale funding goals, despite the persistent efforts of the malefactors.
At Hacken, we take security extremely seriously, and all the checks are performed according to the highest standards. If you have any questions about the topic or need a consultation, feel free to contact our Team!
It’s a community-driven business organization, consisting of HackenHub, HackIT cybersecurity conference, HackenProof bug bounty platform, and Crypto Exchange Ranks.