Crypto-jacker Leaves ICO In Its Wake

Crypto-jacker Leaves ICO In Its Wake

posted in Cyber-Security ● 5 Apr 2015

Cyber-attacks and ‘hacks’ made regular headlines throughout 2017, and in the UK the Information Commissioner’s Office (ICO), was there to oversee all reparations and ensure organisations had data protection standards at a high level. Early 2018, however, has seen the ICO and a host of government websites, both UK and abroad, fall victim to a cyber-attack in the form of Crypto-jacker.

 

What is crypto-jacking?

A Crypto-jacker is a strain of malware which can silently mine cryptocurrency via an internet connected device, without knowledge or permission of the owner.

As with many strains of malware, a programme must be accessed or downloaded, typically from a browser, which will then begin to mine cryptocurrency in the background. This will use up resources, CPU and power, and more often than not, will give no benefit to the user whose machine is being utilised. User’s computers are likely to slow down while the mining operation is taking place, and general operations may be affected.

 

Hands up, this is a crypto-jacking!

It has been revealed that government websites in multiple countries have been compromised by the cryptojacker strain of code. Government sites affected include many British government sites including UK Student Loans, the ICO and also NHS services; US governmental sites were also affected, as was the Australian Queensland Government Portal.

Security researcher Scott Helme was able to trace the code found in the ICO website to a third-party plugin, Browsealoud, which is designed to assist visually impaired visitors on website domains. The plugin’s developers, Texthelp, confirmed that the plugin had been compromised to mine cryptocurrency. Following the attack Texthelp have launched an investigation into what occurred – releasing the following statement:

At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber-attack. The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. This was a criminal act.

Martin McKay, CTO and Data Security Officer went on to say, “In light of other recent cyber-attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.” Continuing to say, “Texthelp has in place continuous automated security tests for Browsealoud – these tests detected the modified file and as a result the product was taken offline. This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”

Raising the alarm

Following the crypto-jacking Helme, raised the alarm about the malware after he received a message from a friend whose antivirus software had detected an issue after visiting a UK government website.

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” Helme told Sky News. “Someone just messaged me to say their local government website in Australia is using the software as well.”

“If you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the one website that they all load content from,” Helme noted. “In this case, it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed.”

For a period of time the ICO website was unavailable. This only goes to show that cyber Threats are everywhere, with everyone at risk of an attack – even the governing body of the soon to be introduced GDPR legislation.

 

To learn more about cybersecurity and data protection regulations, such as the upcoming GDPR, get in touch with Redstor today.

Rise in laptop sales leads to data protection worries

Reading, 6 April 2020 – An unwelcome repercussion of employees snapping up laptops for home working ahead of the coronavirus lockdown has been an even bigger spike in cyber-criminal activity.

Continue reading

O365 cyber attacks stress need for isolated backup

Johannesburg, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why when Microsoft announced this year that it has more than 180m active commercial users every month.

Continue reading

Game-changing pricing for O365 protection

Johannesburg, 24 October 2019 – Redstor, the company disrupting the world of data management, will demonstrate at the Gartner IT Symposium/Xpo™ in Barcelona how a pioneering technology developed in South Africa slashes the cost of Office 365 protection.

Continue reading