What is TrakInvest

Crypto News UPDATE Blockchain & Co .: The latest from the crypto scene

Editor: Jürgen Schreier

The IoT editorial team puts together the most interesting news about blockchain, Bitcoin or IOTA in this "ticker". News of the day: DECENT launches a blockchain solution for the authentication of supplier parts and risk materials in the aviation supply chain.

Company on the subject

Private jet booking is even easier thanks to blockchain

Only representatives of the upper class will probably use this service: the trip in a private charter jet. Nevertheless, distributed ledger technology is now also conquering the world of the beautiful and the (super) rich. JetApp, the booking platform for private jet flights, is now cooperating with Advanced Blockchain AG.

JetApp aims to become the world's leading booking platform for private jets. In addition to a transparent market overview, this includes offering a wide range of services based on the latest technologies. This is the only way to ensure the best possible service on favorable terms in the future. This should be achieved through cooperation with Advanced Blockchain AG.

According to JetApp, booking a private jet won't be any more complicated than booking a train ticket in the future. The high level of automation already enables JetApp operators to offer significantly more attractive prices than traditional competitors. Now, by integrating the technology into the operations and services of JetApp, the technological lead will be expanded even further. JetApp customers will soon be able to pay for their flights with cryptocurrencies. Further applications, such as a blockchain-based incentive program for users, are being planned.

“We founded JetApp with a passion for excellent service and the desire to create decisive competitive advantages for ourselves. It was always clear to us that the intelligent use of transformative, disruptive technologies was necessary for this. DLT is an incredibly powerful technology. By partnering with one of the industry leaders, we want to unlock their immense potential, "says René Köhler, JetApp advisor.

René Marius Köhler is the owner and founder of the KOEHLER GROUP, an investment company and startup incubator based in Stuttgart. The 2,500 employees of the portfolio companies are expected to generate sales of around one billion euros in 2018.

Thales nShield HSMs support elliptic curve cryptography

Thales, provider of cybersecurity and data protection systems, announces that its nShield Hardware Security Modules (HSM) now support Elliptic Cryptographic Curves (ECC) from Edwards and Brainpool to meet the security and data integrity requirements for the latest connected vehicles, FinTechs and Meet enterprise-class IoT solutions.

Patrick Daly, Research Analyst at 451 Research, explains, "Elliptical Curve Cryptography (ECC) is used to exchange small cryptographic keys that require fewer resources to maintain the same security standards as Public Key Infrastructure (PKI) protocols. The Explosion of the IoT and connected devices has accelerated the adoption of ECC protocols well beyond SSL websites. Currently there is no clear winner for ECC protocols for IoT security. It is advisable to use it in infrastructures with broad ECC support invest because we expect the market to remain dynamic for several years. "

There are around 100 electronic control units (ECUs) in a modern vehicle, each of which has access to dedicated digital certificates to authenticate vehicle networks and external administrative services. In order for the system to provide a secure and responsive customer experience, fast cryptographic computations from devices with limited computing power and limited memory are required. Brainpool and Edwards ECC solutions are increasingly being used to meet this need.

ubirch develops blockchain-based Industry 4.0 solutions

The Cologne-based company ubirch has sealed its membership in the Center Connected Industry on the RWTH Aachen campus. As a member of the network of industrial users and suppliers as well as researchers from the fields of mechanical engineering, information and production management, the start-up is testing the use of blockchain in the production process.

ubirch shares resources with the research facilities of the RWTH Aachen Campus and can discuss the requirements for its solutions with industrial partners on site. The start-up is currently developing a solution in the Connected Industry Center with a sensor manufacturer, a mobile communications company and suppliers that will enable production facilities to communicate with each other safely and wirelessly.

"The RWTH Aachen Campus offers an excellent infrastructure for start-ups like us to develop practical new business models for Industry 4.0. We not only have access to manufacturing machines, but can also work directly with well-known industrial and technology companies on specific projects implement safe machine communication much faster and more efficiently, "explains Stephan Noller, CEO of ubirch.

dApp - a blockchain solution for the aviation industry

DECENT announces another decentralized application (dApp) based on its 3IPK platform. As part of the project, a blockchain solution is to be made available to the aviation industry. 3IPK is used to automate certification controls as well as airworthiness, supply chain and maintenance processes for the aerospace, automotive, defense and nuclear industries.

According to Maria Capova, CEO of 3IPK, the authentication of supplier products becomes a cost driver when, on the one hand, parts are purchased from all over the world within the framework of very long supply chains, while on the other hand, strict regulatory processes must be adhered to and risky raw materials must be managed. Matej Michalko, founder and CEO of DECENT, observed the current situation in the aviation industry in his personal blog a few weeks ago. He was convinced that such a situation could also cause time bottlenecks and, with poor traceability, could even become a security risk if the authentication and verification processes were not sufficiently enforced. The problems mentioned above could be solved with the DCore platform from DECENT.

With DCore, 3IPK aims to minimize problems related to tracking, authentication and verification of the supply chain. By using a feature called "Smart Dust" fingerprinting, 3IPK ensures real-time tracking so manufacturers can keep track of all the parts moving through the supply chain. According to DECENT and 3IPK, this leads to an increase in efficiency by avoiding unnecessary costs and ensuring transparency and security.

In addition, through the implementation of the certification originality check, 3IPK will provide aviation suppliers with a set of rules that accelerates and makes the payment and settlement processes in the supply chain more secure. With the latest version of DCore from DECENT, which can process more than 2000 transactions per second, 3IPK wants to implement a complex supplier management system for the aviation industry as quickly as possible.

Founded in 2015, DECENT is a non-profit foundation that developed an open source blockchain platform called DCore. Launched in 2017, DCore is a stable, scalable, and affordable open source blockchain platform. As the world's first blockchain for digital content, media and entertainment, DCore offers user-friendly software development kits to support dApp developers and companies in the decentralized network.

Identified indicators of cryptomining malware

Cryptomining malware represents a new cyber threat. It works completely differently than previously known attack techniques and is therefore extremely difficult to detect. Based on a detailed analysis of the mining malware for the crypto currency Monero, CyberArk has identified five indicators that indicate an infection.

"Using outside computing power to earn money is not something completely new, but with cryptomining it takes place with an intensity and with direct output (Bitcoins) in a dimension that has not been seen before," explains Christian Goetz, Director of Presales - DACH at CyberArk. “In stark contrast to ransomware, for example, malicious crypto miners also operate undetected in the background. As a result, detecting such attacks is also very difficult. CyberArk has therefore identified some indicators that point to cryptomining malware. "

To determine the indicators, CyberArk analyzed the XMRig source code in detail, an open source-based Monero CPU miner with Windows support, which is published under the GNU General Public License (GPL). The miner, which was largely created in C ++, has become very popular among malware writers because, among other things, it is easy to compile and offers Windows-specific performance optimizations.

The analysis of the XMRig source code has shown how a malicious crypto miner works on Windows in practice. The XMRig design approach can differ from other cryptominers, but there are five points that are generally of interest for the detection of the new malware types.

  • 1. Storage access: A characteristic feature of Monero mining is the use of the CryptoNight algorithm, which among other things leads to an optimization of the memory access speed and thus drastically increases the miner's output. In Windows, the VirtualAlloc API offers a special method for optimizing memory latency through the MEM_LARGE_PAGES flag. This flag can therefore be a valuable indicator for the initialization of a Monero miner. In addition, the user account privileges that are required for using the MEM_LARGE_PAGES flag must also be observed. Unless the malware writer properly disguises his miner, the Windows API calls required to modify these privileges are an excellent indication of Monero mining.
  • 2. Cryptomining traffic: Even if the outgoing traffic produced by a malicious crypto miner can be a clear indication of an infection, two challenges have to be taken into account: mining pools use different ports and SSL encryption is sometimes used. However, if a malware author does not hide the cryptomining traffic by using SSL or a proxy, the data traffic can be a simple indicator of a cryptomining infection both on a local machine and in the network. Since there are only a limited number of mining pools, connections to their IPs are an unmistakable sign of infection. If the target IP and host name are hidden using a proxy, the traffic patterns between the pool and miner can also be another good indicator of infection.
  • 3. CryptoNight-Logic: The lack of Windows API calls in the CryptoNight Logic on the one hand makes diagnoses with regard to API hooking or using Event Tracing for Windows (ETW) ineffective. On the other hand, the CryptoNight-Logic also opens up the possibility of reliable detection by traditional byte pattern file scanners in security products such as antivirus solutions. The reason for this is that highly specific code patterns are used, which are essential for the functioning of the miner and can hardly be changed without detailed knowledge of the cryptographic logic. In addition, the conception of a completely new CryptoNight implementation would mean too much effort from the attacker's point of view. Even attackers who want to create their own miner are tempted to copy files like CryptoNight_x86.h from projects like XMRig directly into their own code base in order to save time.
  • 4. Readable strings and command lines: Another indication of infection by crypto miners in general - XMRig is no exception - is the presence of a large number of readable strings, often unique ones. The reason for this is that all public miners are written with maximum ease of use in mind. An even simpler variant of this detection method - without the need to scan file contents - is the observation of suspicious command lines during active processes; Without recompiling a miner, the command line syntax does not change.
  • 5. CPU usage: Last but not least, heavy CPU usage is also a good indicator for crypto miners. However, there is also the risk of a high number of false positives here. As a result, the CPU usage criterion should only be used in combination with other detection methods in order to ensure maximum accuracy of the results.

Further information on the subject of cryptomining malware can be found in the whitepaper "Behind the Hidden Conversion of Electricity to Money: An In-Depth Analysis of XMR Cryptominer Malware".

Health data services in the Open Telekom Cloud

09/03/2018: Grapevine World successfully qualifies for the “SoftwareBoost” partner program of Telekom Deutschland GmbH, the largest European ICT service provider. As part of the program, Grapevine World is relocating its blockchain-based, secure exchange of health data to the Open Telekom Cloud.

Telekom Deutschland becomes a core hosting provider for the Grapevine services related to the secure international exchange of health data. The use of the public cloud enables data storage with special consideration of data protection, data security and GDPR.

Vienna-based company Grapevine World has developed an innovative blockchain-based platform. The decentralized ecosystem enables a smooth and secure exchange of health data. In a pilot project with Tiani Spirit, the University of Southampton and a Forbes 100 pharmaceutical company, its potential is being tested in a selected clinical study. Grapevine World makes anonymized data accessible, regardless of where it is stored.

Illegal crypto mining - a new trend

08/30/2018: In total, the analysts at the IT security company G DATA identified around 2.4 million new malware types in the first six months of 2018. The threat situation is currently changing significantly - nine of the ten most recognized malware threats from last year were no longer in the top 10 in the first half of 2018. A trend of the bad guys in 2018: the secret and illegal mining of crypto currencies - so-called crypto mining. Pests for the Windows PC that mine crypto currencies often hide on websites. The computers of those who surfed these sites are used to generate a financial gain for the criminals.