The Boldest Supply Chain Hack Ever: SolarWinds Unravelled
The SolarWinds cyberattack of 2020 stands out as one of history’s most sophisticated and bold supply chain hacks. Perpetrated by the alleged Russian cyber-espionage group Cozy Bear, the attack compromised the systems of nearly 18,000 SolarWinds customers, including high-profile government agencies and Fortune 500 corporations. The hackers infiltrated SolarWinds’ Orion software platform, which is widely used for network monitoring and management, by embedding malicious code into software updates that customers unwittingly downloaded.
(SolarWinds is a large US-based software company that creates network and IT infrastructure monitoring tools).
The true extent of the breach took months to uncover, with cybersecurity firm FireEye first detecting the attack early on. The attack’s level of sophistication and the sheer number of victims highlighted the importance of securing supply chains against cyber threats. In response to the breach, US federal agencies and the cybersecurity community have increased their focus on supply chain security, adopting measures to improve software integrity and transparency.
“The hackers also found their way, rather embarrassingly, into the Cybersecurity and Infrastructure Security Agency, or CISA — the office at the Department of Homeland Security whose job it is to protect federal computer networks from cyberattacks.”
SolarWinds’ management faced criticism for its lack of oversight, investment in security and ignoring recommendations for years. The company has since taken steps to address these concerns and improve its security posture, including hiring top cybersecurity talent and investing in security enhancements. However, many in the industry believe this is mainly PR and marketing.
The SolarWinds hack serves as a cautionary tale for the tech industry and governments alike, emphasising the need for vigilance and collaboration to defend against increasingly sophisticated cyber threats. The incident underscores the importance of understanding and managing the risks associated with complex supply chains and fostering a security culture that prioritises transparency, accountability, and continuous improvement. Read more here.
Splitchain, the network underpinning Zucoins, is built with several important but crucial factors built in mind.
Minimal third-party “code libraries”. Most apps use code bundles, called libraries, to save time. These libraries are produced by other software engineers and corporations. Many applications bundle these bits of code with other bits of code.
Eventually, lots of these code libraries are linked and become dependent upon each other, so much so that the entire system using these code libraries becomes a large, interconnected system.
The problem with this is that some of those code libraries can be updated separately from any other code library. This often causes compatibility issues, resulting in buggy software that needs to be thoroughly tested again. A “supply chain attack” is often caused by these kinds of updates, where they include a compromised version of the newer code library used in the software. It’s difficult to detect in so many modern apps and systems because so many code libraries are bundled and chained together, often with millions upon millions of lines of computer code—far too much for any human to review and check.
The solution? Avoid updating the code libraries you say? Well, the older code library might have security flaws, hence why the update was released in the first place.
The better and much harder solution is to avoid using so many code libraries in the first place.
Splitchain, for example, only uses a handful of well tested and long-proven reliable code libraries. This practise is extremely unusual in the fast-paced commercial world, but very desirable and hard to achieve in most modern systems. The common software industry habit is to bundle everything together and then bandage fixes as they break. The upside of this is there are very few things that need to be updated in the Splitchain system’s foundations and much less of it to review. It helps to keep Splitchain faster, lighter, more reliable, easier to maintain (especially important for decentralisation, so others can work on the system) and safer (far less moving parts).
Crypto-tokens such as Zucoins, that run on the Splitchain network, can help mitigate the risks associated with scenarios like the SolarWinds hack by offering enhanced security, decentralisation, and transparency. Here’s how:
- Decentralisation: The absence of central control points in the Splitchain network minimises the potential for single points of failure, thereby reducing the likelihood of large-scale cyberattacks. A more decentralised system inherently distributes the risk, making it more difficult for malicious actors to compromise the entire network.
- Transparency and Accountability: The Splitchain network’s design allows for increased transparency in transactions and data, fostering trust among users and enabling more effective detection of potential risks. This transparency can help organisations better understand their digital supply chains, identify vulnerabilities, and address them proactively. As they say, the more eyes looking at a system, the safer it tends to be.
Splitchain can contribute to avoiding large-scale cyberattacks similar to the SolarWinds incident by promoting a more safely and approachable architecture design, that includes increasing decentralisation and transparency in a digital ecosystem. This innovative approach to value exchange systems encourages vigilance, collaboration and easier management of cybersecurity.
Pakistan’s Inflation Soars, IMF Relief Uncertain
Pakistan faces record-breaking inflation, with the consumer price index rising by 15.6% year-on-year in April 2023, driven primarily by increasing global commodity prices. As the nation contends with this historic surge in inflation, there is no indication of the impending release of financial aid from the International Monetary Fund (IMF).
The Pakistani government has been in prolonged negotiations with the IMF for a $1 billion disbursement, part of a $6 billion loan package agreed upon in 2019 to address economic challenges. However, disagreements over policy actions, including tax reforms and electricity price hikes, have stalled the release of funds.
As a result, Pakistan’s central bank is under pressure to raise interest rates in an attempt to curb inflation, a move that may hamper the country’s economic recovery from the pandemic. This predicament highlights the difficult balancing act facing Pakistani authorities as they strive to manage inflationary pressures and foster sustainable growth.
The outcome of ongoing IMF negotiations will significantly impact Pakistan’s short-term economic prospects. Timely access to financial assistance would alleviate the nation’s economic burden, enabling the implementation of crucial policy measures to tackle inflation and support growth. Read more here.
The Splitchain network and its layer one token Zucoins could potentially help mitigate scenarios like Pakistan’s soaring inflation and uncertainty surrounding IMF relief. By enabling a more transparent, secure, and efficient exchange of value through Zucoins, Splitchain could foster financial stability and reduce dependence on traditional financial institutions.
In the context of inflation, the decentralised nature of the Splitchain network and the use of Zucoins, along with stablecoins pegged to less volatile assets, could offer a means for protecting purchasing power in times of economic turmoil. Providing an alternative to national currencies through Zucoins could help reduce the impact of inflation on citizens, allowing for more predictable financial planning.
Additionally, as the Splitchain network operates with increased transparency and security, crypto systems like these could promote more confidence in next-generation financial systems and reduce reliance on international financial aid, such as IMF funds. This would enable countries like Pakistan to manage their own economic challenges better and implement solutions tailored to their specific needs using Zucoins and other tokens on the Splitchain network.
In conclusion, while the Splitchain network and Zucoins cannot entirely prevent situations like Pakistan’s current inflation crisis, their decentralised, transparent, and efficient nature can alleviate some of the negative impacts through transparency earlier on and provide more stable financial alternatives for both individuals and governments.
European Crypto Hotspots Emerge: Lisbon, Berlin, and Paris Lead the Charge
Europe has seen a surge in cryptocurrency hubs, with Lisbon, Berlin, and Paris taking the lead as the most attractive destinations for blockchain and crypto companies. These cities have fostered an environment conducive to innovation and growth thanks to their vibrant tech scenes, regulatory clarity, and startup-friendly policies.
Lisbon, the capital of Portugal, has become a magnet for crypto entrepreneurs and digital nomads due to its favourable tax climate, with no VAT on cryptocurrencies and a flat 20% income tax for non-habitual residents. Furthermore, the city boasts a thriving startup ecosystem, affordable living costs, and a high quality of life, attracting talent from around the world.
Berlin has long been a centre for innovation and technological advancements, and its reputation as a crypto hub is no exception. The German capital is home to numerous blockchain startups, accelerators, and incubators, fostering a vibrant community of developers and entrepreneurs. Germany’s progressive regulatory environment, which recognises cryptocurrencies as legal tender, has further contributed to Berlin’s crypto prominence.
Paris, known for its art, culture, and history, is also emerging as a significant player in the European crypto scene. The French government’s proactive approach to regulating digital assets and its commitment to fostering innovation through various support initiatives have made Paris an attractive destination for crypto enterprises. Additionally, the city’s strong fintech ecosystem and availability of skilled talent have further fuelled its growth as a crypto hub. Read more here.
What did you think of this newsletter? Reply to send me feedback on what you liked or want to see featured more. There’s more coming, so stay tuned.
If you liked this newsletter and want to support my work, the best way is to forward this newsletter to someone, donate here or even buy some Zucoins.
—
All the best,
Peter
MyZucoins