Cryptocurrency-Mining Malware Affects More Than 4200 Websites Inclusive of Government Sites in UK, US & Australia

March 17, 2018

A series of websites including government websites of Australia, UK, and US have been affected by malware which makes the users computers to mine cryptocurrency. This is a worldwide security breach as has been found out by Scott Helme, a UK based Security Researcher!

Hackers have used the plug-ins to force computers to mine cryptocurrency secretly. Known also as Crypto jacking, the users are unaware as their computers generate profits for the hackers! The malware got reported on Sunday whereby many government sites of these countries like, Australia’s Victorian parliament’s or UK’s National Health Service and UK’s data protection watchdog have been compromised!

The Crypto jacking attack has hit many other sites in Australia. For e.g. The Queensland Civil and Administrative Tribunal, The Queensland Ombudsman, The Queensland Community Legal Center & the Queensland Legislation Website, to name a few.

The Information Commissioner’s Office UK had to suspend its website post it got a warning on the possible hacking! The ICO office has released a statement to the press, “We are aware of the issue and are working to resolve it!”

Third-Party Exploit

Scott Helme had spotted a third-party intrusion which plotted a script to mine cryptocurrency and he said over 4200 sites have been affected. Mr. Helme was cautioned by a friend who had received a malware warning post visiting the Information Commissioner Office website!

Helme found out the problem to be a website plug-in called Browsealoud. This website helps blind and partially blind people across the world. Texthelp is the company who makes the plug-in. They confirmed in an affirmative of the product to be maliciously affected using some cryptocurrency mining codes.

The cryptocurrency being mined was found out to be a rival to Bitcoin called Monero. The crypto is designed in such a way that it makes transactions which are then left untraceable! The plug-in added a program to the computers called Coinhive, which mined Monero via calculations on visitor’s computers.

Why Such an Attack

The market even if volatile for cryptos is enough to mint out a quick buck for the hackers! Crypto mining generates cryptocurrencies as a reward post solving mathematical puzzles and account or book keeping! Great amounts of computer processing power and electricity plus internet are required for crypto mining! Being based on a blockchain technology, it is decentralized in approach which means any computer can be used for crypto mining!

Hackers all over are counting on this very blockchain underlying technology to make quick bucks through mining. It is much better to use other people’s electricity and computer power to make money for them instead of paying the bills themselves. Software’s are hence inserted to other people’s websites which can mine for cryptocurrencies unknown to its users!

Such crypto crimes have increased many folds in the recent times. Mr. Helme from the UK said that “It is a very lucrative proposal. They infect one website and it infects close to 5000.” The damage to data or computers is still not much known of due to such attacks but the potential threat of losing personal or highly confidential data still looms over!

Breach Getting Serious

With a threat to personal information or confidential information and with an ability to affect several computers at one go, the malware attack is a serious security threat to all countries and its web spaces. Hackers can very well execute a much more creative attack causing much more damage.

Martin Mckay from TextHelp (Chief Technical Officer) said, “In light of other recent cyber-attacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away.” A security review by an independent organization has been considered by TextHelp following the attack!

Mr. Helme has said that the affected code has been disabled so that visitors can access the website without any risks.

A National Cyber Security Centre Spokesman said, “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency! The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely. At this stage, there is nothing to suggest that members of the public are at risk.”

Mr. Helme had developed a Report URI Tool. This tool he argues can stop such attacks. He has advised Security and IT Teams of esteemed organizations world over to use this tool or develop similar such tools!

The content security policies and their frameworks for websites of organizations should be designed to be preventive against such attacks in the future, is what Helme recommends!

One thing which is for sure is to see more such attacks happening in the near future and preparations well in advance can avert such attacks!


Source: Read Full Article