Make-A-Wish Foundation
| Primary URL | Location | Industry |
|---|---|---|
| wish[.]org | Country: United States of America | Non-Profit |

Profile
Make-A-Wish Foundation operates through its primary domain worldwish.org, functioning as a charitable organization focused on fulfilling wishes for children facing critical illnesses. While specific details regarding its core services, operational scope, and markets served beyond the United States headquarters are not elaborated in the provided incident report, its public-facing website serves as a key platform for engagement. The organization relies on web technologies to support its mission and interact with donors, volunteers, and beneficiaries.
A documented cybersecurity incident highlights the organization's vulnerability to exploitation through widely used content management systems. On November 19, 2018, attackers successfully compromised the Make-A-Wish Foundation website by exploiting a critical vulnerability in the Drupal content management system. This breach resulted in the injection of a cryptojacking script onto the site. The malicious payload covertly used the computing resources of unsuspecting website visitors to mine cryptocurrency without their consent. The attackers employed sophisticated evasion techniques, including hosting the payload on a domain associated with prior cybercriminal activity and using dynamic domain changes coupled with WebSocket communications to bypass detection mechanisms.

This incident underscores the persistent threat posed by unpatched software vulnerabilities, particularly in widely deployed platforms like Drupal, even after public disclosure. It also illustrates the broader challenge organizations face in differentiating malicious cryptojacking activity from legitimate resource consumption. While the charity's website was subsequently cleaned of the script, the attack exemplifies how high-traffic platforms remain attractive targets for unauthorized cryptocurrency mining operations that leverage known exploit infrastructure tied to outdated systems.
