<html>
<p><img src="https://248qms3nhmvl15d4ne1i4pxl-wpengine.netdna-ssl.com/wp-content/uploads/2016/05/Police-lights1-760x400.jpg" width="760" height="400"/></p>
<p><a href="http://bitfury.com/">Bitfury</a>, a well-known industry group which started in 2011 as a Bitcoin mining company and has since grown into a multinational blockchain research group, has moved into the law enforcement space with the release of its new tool <a href="https://crystalblockchain.com/">Crystal</a>. The Crystal tool was designed with two main use cases in mind. The first is for law enforcement to track bitcoin transactions related to criminal activity. Bitcoin is commonly used in ransomware attacks, which encrypt a user’s data and force the user to pay a certain amount of money to decrypt it. One such attack, the infamous <a href="https://www.ccn.com/tag/wannacry/">WannaCry</a>, made nearly <a href="https://www.ccn.com/google-ransomware-extortionists-net-25-million-in-two-years-95-percent-cashed-out-through-btc-e/">$25 million</a> in bitcoin over a period of two years.</p>
<p><img src="https://248qms3nhmvl15d4ne1i4pxl-wpengine.netdna-ssl.com/wp-content/uploads/2018/02/Screen-Shot-2018-02-01-at-9.53.48-AM-1024x342.png" width="1024" height="342"/></p>
<p>No arrests have been made of the creators of WannaCry, despite the attack’s vastness (about <a href="https://www.cbsnews.com/news/wannacry-ransomware-attacks-wannacry-virus-losses/">$4 billion in damages</a>), its mistakes (like the infamous <a href="https://www.wired.com/2017/05/accidental-kill-switch-slowed-fridays-massive-ransomware-attack/">killswitch</a>, meant for testing whether or not the ransomware was sandboxed), and the sheer amount of money lost. The Crystal team <a href="https://crystalblockchain.com/files/Crystal-Use-Cases-Ransomware.pdf">claims</a> that this attack could have been traced in a matter of 3 hours, which could easily have allowed authorities to instruct exchanges to halt withdrawals from the suspected wallet addresses in real time. The second use case for the tool is as a compliance and risk management tool for financial institutions. As a case study, Crystal uses a Bitcoin-based venture capital firm aimed at the healthcare sector. The tool’s aim, in this case, is proving compliance with rules against violating national sanctions, funding terrorism, and money laundering. By producing transparent reports on where funds come from and where they are going, institutions can prove compliance with national laws. This prevents legal action against the venture capital fund and its principals. Crystal has also advertised its ability to <a href="https://crystalblockchain.com/files/Crystal-Use-Cases-Ponzi-Scheme.pdf">audit mining operations</a> in order to ensure they aren’t Ponzi schemes and to <a href="https://crystalblockchain.com/files/Crystal-Use-Cases-Corruption.pdf">counteract corruption</a> of elected officials (when bribed through Bitcoin, of course).</p>
<h2><strong>Not a New Development</strong></h2>
<p>The Crystal tool is part of ongoing efforts by the BitFury Group to de-anonymize the blockchain. Earlier this year, the group announced that it had been making progress on a new method for “clustering” related wallets. They published a detailed <a href="http://bitfury.com/content/5-white-papers-research/clustering_whitepaper.pdf">white-paper</a> on the subject explaining their findings and revealing a probabilistic model for determin</p>
<h2><strong>Malware Monero Miner Targets Google’s DoubleClick</strong></h2>
<p><img src="https://248qms3nhmvl15d4ne1i4pxl-wpengine.netdna-ssl.com/wp-content/uploads/2018/02/Malware-bug-760x400.jpg" width="760" height="400"/></p>
<p>Trend Micro, a provider of security software, hardware and services, discovered a malvertising campaign on high-traffic websites that used <a href="https://www.ccn.com/tag/coinhive/">Coinhive</a>, a JavaScript code that allows website admins to mine <a href="https://www.ccn.com/tag/monero/">Monero</a> with visitors’ CPUs. The attackers targeted Google’s DoubleClick, which provides Internet ad serving services for distribution, Trend Micro reported on its security intelligence <a href="https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/">blog</a>. In addition, the malicious advertisements also used a separate web miner that connects to a private pool. Trend Micro has reported its findings about the campaign, which affected Japan, France, Taiwan, Italy and Spain, to <a href="https://www.ccn.com/tag/google-trends/">Google</a>. Trend Micro noticed a rise in traffic to five malicious domains on Jan. 18, and on Jan. 24 it found a near 285% jump in the number of Coinhive miners. The traffic came from DoubleClick advertisements.</p>
<h2><strong>Web Miner Scripts Embedded</strong></h2>
<p>Two different web miner scripts were embedded, along with a script displaying the advertisements from DoubleClick. The attacked web page displayed the legitimate advertisement while the two web miners conducted their covert tasks. The use of advertisements on legitimate websites is believed to be a ploy to reach a greater number of users. The traffic connected to these miners declined after Jan. 24. The advertisement contains JavaScript code that generates a random number between 1 and 100. When the number is above 10, it calls coinhive.min to mine with 80% of the CPU power; this occurs 90% of the time. For the other 10%, a private web miner launches. Both miners were configured with throttle 0.2, indicating they use 80% of the CPU resources to mine. After de-obfuscating the private web miner, known as mqoj_1, JavaScript code based on Coinhive can still be identified. The modified miner uses a different mining pool, wss[:]//ws[.]l33tsite[.]info[:]8443, which avoids the 30% commission fee Coinhive charges.</p>
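<p>The following is an added example, not code from the article, Trend Micro or Coinhive: a small Node.js triage helper that scans a script body for the indicators described above (a Coinhive library reference, a <code>throttle</code> option and its implied CPU share, WebSocket pool endpoints, including bracket-defanged ones, and a random gate in front of the miner). The library patterns, the <code>coinhive.com</code> allow-list for pool hosts and the sample ad script are assumptions constructed for the example; the sample reuses the defanged pool address quoted in the article with a placeholder site key.</p>

```javascript
// Added example (not from the article, Trend Micro, or Coinhive): a static triage
// helper that scans a script body for browser-mining indicators: a Coinhive miner
// library, a "throttle" option, WebSocket pool endpoints (plain or defanged with
// [:] and [.] as in the article), and a Math.random() gate in front of the miner.

// Heuristic indicators of the Coinhive library; this list is an assumption, extend as needed.
const MINER_LIBRARY_PATTERNS = [/coinhive(\.min)?\.js/i, /CoinHive\.(Anonymous|User)/i];
// WebSocket endpoint, plain or bracket-defanged: ws://host:port/path, wss[:]//host[.]tld[:]port
const WS_ENDPOINT = /wss?(?::|\[:\])\/\/(?:[A-Za-z0-9-]|\[\.\]|\.)+(?:(?::|\[:\])\d+)?(?:\/[^\s'"]*)?/g;
// Coinhive-style option: {throttle: 0.2} means the miner idles 20% of the time, i.e. 80% CPU.
const THROTTLE_OPTION = /throttle\s*:\s*([01](?:\.\d+)?)/;
// Pool hosts treated as the library's own service; an assumption for this example.
const EXPECTED_POOL_HOST = /(^|\.)coinhive\.com$/i;

// Turn a defanged indicator back into a normal URL string.
function refang(s) {
  return s.replace(/\[:\]/g, ':').replace(/\[\.\]/g, '.');
}

// Extract the host part of a ws:// or wss:// URL (no port, no path).
function hostOf(wsUrl) {
  return wsUrl.replace(/^wss?:\/\//i, '').split(/[/:]/)[0];
}

function analyzeScript(src) {
  const libraryHits = MINER_LIBRARY_PATTERNS.filter((re) => re.test(src)).map((re) => re.source);
  const endpoints = [...new Set((src.match(WS_ENDPOINT) || []).map(refang))];
  // Any pool that is not the library's own service points at a modified miner.
  const foreignPools = endpoints.filter((u) => !EXPECTED_POOL_HOST.test(hostOf(u)));
  const m = src.match(THROTTLE_OPTION);
  const throttle = m ? Number(m[1]) : null;
  const cpuSharePercent = throttle === null ? null : Math.round((1 - throttle) * 100);
  // A random gate ahead of a miner library is the 90/10 loader pattern the article describes.
  const randomGated = /Math\.random\s*\(/.test(src) && libraryHits.length > 0;
  return {
    minerLibrary: libraryHits.length > 0,
    libraryHits,
    endpoints,
    foreignPools,
    throttle,
    cpuSharePercent,
    randomGated,
    suspicious: libraryHits.length > 0 || foreignPools.length > 0,
  };
}

// Constructed sample mirroring the structure the article describes (placeholder site key).
const SAMPLE_AD_SCRIPT = `
var n = Math.floor(Math.random() * 100) + 1;
if (n > 10) {
  var s = document.createElement('script');
  s.src = 'https://coinhive.com/lib/coinhive.min.js';
  var miner = new CoinHive.Anonymous('SITEKEY_PLACEHOLDER', { throttle: 0.2 });
  miner.start();
} else {
  startPrivateMiner('wss[:]//ws[.]l33tsite[.]info[:]8443', { throttle: 0.2 });
}`;

console.log(JSON.stringify(analyzeScript(SAMPLE_AD_SCRIPT), null, 2));
```

<p>Run with <code>node</code>; for the constructed sample it reports the library hit, a throttle of 0.2 (80% CPU share), the refanged pool <code>wss://ws.l33tsite.info:8443</code> as a foreign pool, and the random gate. The same function can be pointed at scripts pulled from a proxy log or a browser’s network capture; the allow-list and library patterns are the parts a team would tune.</p>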
<h2><strong>Attacks Can Be Prevented</strong></h2>
<p>Coinhive miners can be prevented from using CPU resources by blocking JavaScript-based applications from running in browsers, the blog noted. The impact of cryptocurrency malware and other threats exploiting system vulnerabilities can be mitigated by regularly updating and patching software. Trend Micro Smart Protection Suites and Worry-Free Business Security protect businesses and users from threats by blocking malicious files and related URLs. Trend Micro Protection Suites provide capabilities such as behavior monitoring, web reputation services, high-fidelity machine learning and application control to reduce the impact of such cryptocurrency miners and other threats.</p>
</html>