Cybersecurity Firm Detects Cryptojacking Malware on Make-A-Wish Foundation Website

Cybersecurity firm Trustwave has reported a case of cryptojacking malware stealing the computing power of visitors to the Make-A-Wish Foundation’s website.

Hackers have infected the website of global non-profit organization the Make-A-Wish Foundation with cryptojacking malware, according to a report by cybersecurity firm Trustwave posted Nov. 19.

According to Trustwave researchers, crypto jackers managed to incorporate a JavaScript (JS) miner CoinImp into the domain in order to illicitly mine privacy-focused cryptocurrency Monero (XMR). Similarly to the notorious Monero mining software CoinHive, CoinIMP has reportedly been using the computing power of website visitors to mine cryptocurrency.

Per the report, the CoinImp script infected the website through the domain, which is associated with another campaign that exploited a critical Drupal vulnerability to compromise websites since May 2018.

The researchers noted that the recently detected campaign deployed a number of techniques to evade detection, including alterations of its already obfuscated domain name, as well as different domains and IPs in a WebSocket proxy.

Trustwave reportedly contacted Make-A-Wish in order to report the cryptojacking attack, but the foundation did not respond. However, the malicious injected script was eventually removed shortly after Trustwave attempted to reach the foundation, according to the report.

According to data acquired by Bloomberg, scales of cryptocurrency mining attacks have surged up to 500 percent in 2018. Recently, Internet security provider and research lab McAfee Labs uncovered a new Monero-mining malware called WebCobra that allegedly originates from Russia.

Earlier in November, Japanese global cybersecurity company Trend Micro detected a new strain of crypto-mining malware targeting PCs running Linux.

Continue Reading

From Encrypted Messaging to Critical Fire Systems: Blockchain for Security Sector

Law enforcement agencies and the military could benefit from blockchain as much as financial institutions do.

Blockchain-based systems’ decentralized nature makes for their formidable resiliency to the outsiders’ attempts to infiltrate or take down such networks. Governments, law enforcement agencies and even military leadership around the world seem to be embracing a more blockchain-friendly way of thinking as they realize that the power of distributed ledger technology (DLT) could be harnessed to advance their goals in numerous ways. This generates increased demand for security-enhancing solutions, which pushes the private sector to come up with such products at an ever-increasing pace.

The latest use case – Israel’s securities regulator introducing a blockchain-powered messaging system in order to ensure authenticity of its communications – is an instance of a prevalent, yet not exclusive, area of the technology’s security application: data protection.


Ensuring data security and integrity is blockchain’s natural and widely recognized forte. The need to keep critical data safe and provably unaltered is even more pronounced in areas such as law enforcement and defense, where the consequences of failing to protect data might be especially dreadful. In recent years, governments have been peeking into the blockchain space en masse, so the examples of both potential and already operational implementation are abundant.

In May 2016, NATO’s Communications and Information Agency first invited proposals on blockchain applications in areas such as military logistics and procurement as a part of its Innovation Challenge initiative. Around the same time, The US Defense Advanced Research Projects Agency (DARPA), the very organization that we should thank for creating the internet, announced that it was accepting bids from contractors who would ‘create a secure messaging and transaction platform that separates the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger.’ In May 2017, the agency awarded a grant to a firm that subscribed to create this DLT-based messaging system.

Across the Atlantic, the Defence Science and Technology Laboratory, part of the UK Ministry of Defence, has been working with a domestic consultancy firm on a project aimed at improving integrity of data produced by networked sensors. Reuters also reported in late 2017 that the British justice ministry considered implementing a blockchain-powered solution to keep evidence tamper-proof.  

Australia’s financial intelligence agency and the Australian Criminal Intelligence Commission pooled some resources last year to fund the effort by HoustonKemp, a Singapore-based contractor, to build a blockchain system advancing the same goal – securely recording, storing, and sharing sensitive intelligence and evidence created by investigations.

Russia, too, has been wasting no time, as its Ministry of Defense designated a newly built research laboratory to explore the potential applications of blockchain technology for safeguarding critical military infrastructure from cyber attacks.

Tech corporations that are into the business of building blockchain applications do not just stand on the sidelines waiting for governmental agencies’ bid issuances. A few days ago, news broke that IBM registered a patent for a network security solution that relies on a distributed network of monitors to track breaches in systems’ defenses. This design will be especially effective against sophisticated attacks that cover up their own tracks. Even if one monitor is hacked, others will spot irregularities in system logs as they diverge from a previously blockchain-recorded consensus.

Another product specifically aimed at law enforcement and related organizations, called the Blockchain Evidence Locker, hit the market in September. A creation from Canadian firm Leonovus, the product is designed to maintain a detailed, cryptographically secured chain of custody record for the growing body of digital evidence that security agencies store. Overall, it won’t be surprising if within a decade maintaining a distributed and encrypted database of evidence will become a standard for law enforcement in the developed world.

Transaction tracking

Another common and well-documented application of blockchain technology for security and law enforcement purposes manifests in a wide range of tools that permit tracking suspicious or illegal financial activity, with the ultimate goal of matching pseudonymous crypto addresses with perpetrators of real crime. In this domain, police and intelligence agencies often operate in collaboration with private companies that build and maintain relevant software tools, or even completely outsource investigative work to them.

One of the notable features of this sector is a ‘blockchain detective’ firm Chainalysis, whose software has been instrumental in multiple investigations led by the US Department of Justice and other prominent agencies. Chainalysis has recently raised millions of dollars to expand its operations from a single Bitcoin blockchain that it previously scrutinized to a much wider array of cryptocurrencies.

London-based Elliptic, which often secures a mention next to Chainalysis as its closest competitor, has created tools that allow crypto exchanges or other interested parties to red-flag transactions that raise suspicions of being linked to illicit activities. Elliptic’s solutions are specifically focused on stopping criminals at the choke point where they attempt to cash out the shady money.

This year also saw San Francisco-based Bitfury group, an entity that started as bitcoin miner but moved on to become a provider of a wider set of crypto-related products and services, launch its blockchain-tracking software called Crystal. The product offers an in-depth look into any transaction on the Bitcoin blockchain, which involves advanced mapping and grouping tools, as well as a quantified assessment of the odds that a given transaction is illegal.

As the widespread perception of a robust link that exists between cryptocurrency and cybercrime taints the whole industry, many crypto ventures are eager to prove the stereotype inaccurate. This push resulted in creation of Blockchain Alliance, a coalition of companies whose mission is to ‘provide a forum for open dialogue between industry and law enforcement and regulatory agencies’ while combating crimes that use public blockchain infrastructure. Along with providing software tools that have already been deployed by agencies such as Europol and the US Department of Homeland Security in some high-profile investigations, Blockchain Alliance emphasizes the need to educate law enforcement on the technology underlying cybercrimes and the most efficient ways to deal with it.

Military applications

Granted, innovation-minded generals and military technology experts have been long eyeing applications of blockchain such as military logistics, cyber defense, and resilient communications. Yet some even more exciting uses might be on the horizon, as the technology’s potential extends into command and control systems, and even further – onto the battlefield.

For example, in October 2016, DARPA spent some $1.8 million to pay a software company named Galois for their Blockchain application Guardtime Keyless Signature Infrastructure – basically, an unhackable code that could be deployed to enhance security in critical weapon systems. Using a mathematical technique called formal verification, the program will ensure that the system is used as intended, and no malicious code is planted within.

Pairing blockchain with artificial intelligence and military ‘Internet of Things’ (IoT) could be the future of combat tactics, shifting from the centuries-old paradigm of centralized in-battle control to decentralized, at least at the unit level. Imagine a swarm of armed drones that continuously share combat data and decisions in a decentralized manner, operating as a unified organism that is not beholden to a single decision-making center and is capable of sustaining any casualties without losing operational capacity.

Another field ripe for decentralization of command is complex fire systems, such as those found on modern battleships. For the last five decades, NATO navies’ vessels have relied on a centralized system of weapons control called Aegis Combat System – an ingenious yet centralized brain that collects data from dozens of sensors and coordinates fire from several types of deadly weapons simultaneously. Despite its age, it still works well, but the centralized character makes it vulnerable if the decision-making center gets taken out. A set of autonomous systems that coordinate via a blockchain could present a more viable design, retaining advantages of coordination but eliminating vulnerabilities inherent to central control.

Continue Reading

New Data Storage Platform Intends To Become The Safest Way Of Storing Information Online

A new blockchain-powered data storage platform is planned to be entirely decentralised and self-sufficient. By default, 10 copies of the data will be stored in order to prevent deletion.

A new blockchain-powered data storage platform, Memority, is aiming to provide “the most secure ever developed” solution for anyone looking to safely store sensitive data. The system would be entirely decentralised, self-sufficient, and protected against forgery and data deletion. Memority has also stated that “since we use Proof of Authority mining, there is no need for high computation resources.”

No reliance on a centralised system

The modern world continues to shift more and more information from physical to online storage. By 2020, it is estimated that over $100 bln will be spent annually by businesses on cybersecurity.

Memority acknowledges that there are several other ‘safe’ storage platforms available, however, the team claims that there are many factors which differentiate their product from their competitors. For example, it is entirely decentralised, and access to the datasets is restricted only to the owners who hold the private key. By default, 10 copies of the data will be stored in order to prevent accidental or malicious deletion, with a monitoring system in place to detect and replace missing files.

The files are also protected from forgery as a result of data identifiers, with the monitoring system able to scan for fake datasets and restore the correct copies. All of these features take place in a ‘completely self-sufficient and independent’ manner, due to the lack of reliance on a centralised system. A detailed breakdown of all of the differentiating factors of Memority is available on their website.

Their white paper states that the mission of Memority is to “create a self-sufficient ecosystem that includes many applications to meet the needs of businesses, government organisations and individuals in the ultra-secure storage of all kinds of valuable data.” In order for the platform to work, users around the world will provide memory from their computer hard drives to act as independent repositories. Their incentive for doing so is the aim to connect the maximum number of “ordinary computer users” as possible with the Memority system, thus maximising the number of independent repositories available. The platform will be powered by the Memority specific crypto token, MMR, using the smart contacts system. The team has highlighted that “5 percent of all payments for data storage will be distributed between miners who take part in block creation”, further incentivising users. Hosts will receive 90 percent of the payment from data owners for their file hosting services.

Roadmap and ICO

The Memortiy team holds a vast range of experience in blockchain, web production, financial systems and cybersecurity between them. The idea for Memority came to the team in 2016, platform development began in 2017,  and progress has been steady up until the recent release of the working alpha version, which is available now for users to test from the Memority website. The Beta release is planned for July 2018, and the fully finalised Memority 1.0 platform is scheduled to be live by March 2019.

The ICO begins on May 16 and will conclude on October 1 (1 MMR = 0.1 USD). It will be soft capped at $5 mln and hard capped at $85.5 mln. A detailed breakdown of token distribution and money distribution following the token sale is available on the Memority website.


Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice.

Continue Reading