Government websites hit in cryptojacking attack
More than 4,200 sites have been infected with malware designed to help in mining cryptocurrencies.
Over 4,200 websites around the world, including some Australian, US and UK government sites, have been infected with cryptojacking malware.
With the cost of crypto-mining rising and the risk/return equation becoming increasingly volatile, criminals see cryptocurrency mining as an easy way to generate revenue with a relatively low risk of being apprehended. So, rather than jack up their own power bills, they are using malicious software to siphon processor power from unsuspecting victims.
In effect, the crime is the theft of computing power to then engage in cryptocurrency mining.
The cryptojacking malware was injected into a browser plugin called Browsealoud that is developed by Texthelp. The plugin reads out webpages for visually impaired people. Either internal or external hackers added their own code into Browsealoud, which used Coinhive's Monero miner to silently steal CPU cycles to generate the cryptocurrency.
The software was altered on Sunday 11 February 2018 between 02:58:04 and 13:21:56 GMT, according to Helme.
Site owners could have used SRI (Subresource Integrity) to detect that the code had been altered. SRI uses a "digital fingerprint" to identify software that has been verified to be safe, and stops the execution of software whose fingerprint no longer matches the one the site owner recorded. In addition, the Coinhive malware is not new, with security companies making detection tools available through off-the-shelf security software.
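The SRI check described above, as an added example (not code from the article, Texthelp or Coinhive): it computes the integrity value a site owner would pin for a reviewed script and mirrors the browser's matching rule, including the case where the attribute carries no usable hash. The script bytes and the `cdn.example` URL are constructed placeholders.

```python
import base64
import hashlib

# Hash algorithms SRI defines, weakest to strongest.
ALGS = ("sha256", "sha384", "sha512")


def sri_value(content: bytes, alg: str = "sha384") -> str:
    """Return the integrity token for these exact bytes, e.g. 'sha384-...'."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(url: str, content: bytes) -> str:
    """Build the tag a site owner would publish for a pinned third-party script.
    crossorigin is needed so the browser can read and hash a cross-origin file."""
    return (f'<script src="{url}" integrity="{sri_value(content)}" '
            'crossorigin="anonymous"></script>')


def sri_allows(content: bytes, integrity: str) -> bool:
    """Mirror the browser's decision: True means the script would execute."""
    parsed = []
    for token in integrity.split():
        alg, sep, expected = token.partition("-")
        if sep and alg in ALGS:
            parsed.append((alg, expected.split("?", 1)[0]))  # drop options
    if not parsed:
        return True  # no usable metadata: the browser enforces nothing
    # Only hashes using the strongest listed algorithm are considered.
    strongest = max((alg for alg, _ in parsed), key=ALGS.index)
    actual = sri_value(content, strongest).split("-", 1)[1]
    return any(exp == actual for alg, exp in parsed if alg == strongest)


# Constructed sample data, not the real plugin code.
REVIEWED = b"function readAloud(text) { /* reviewed release */ }\n"
TAMPERED = REVIEWED + b"/* code appended on the third-party host */\n"
PINNED = sri_value(REVIEWED)

if __name__ == "__main__":
    print(script_tag("https://cdn.example/plugin.js", REVIEWED))
    print("reviewed release runs:", sri_allows(REVIEWED, PINNED))
    print("tampered release runs:", sri_allows(TAMPERED, PINNED))
```

The pinned value has to be regenerated whenever the third party ships a legitimate update, so SRI works best against a versioned URL whose content does not change.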
The impact on the affected companies goes beyond the loss of a few processor cycles and some energy. With government sites affected, there will be further inquiries to ensure other malicious software has not slipped through security nets and that appropriate protocols are in place to ensure other commonly used third-party scripts and software modules are not being similarly exploited.