Crypto-jacker Leaves ICO In Its Wake
Cyber-attacks and ‘hacks’ made regular headlines throughout 2017, and in the UK the Information Commissioner’s Office (ICO), was there to oversee all reparations and ensure organisations had data protection standards at a high level. Early 2018, however, has seen the ICO and a host of government websites, both UK and abroad, fall victim to a cyber-attack in the form of Crypto-jacker.
What is crypto-jacking?
A Crypto-jacker is a strain of malware which can silently mine cryptocurrency via an internet connected device, without knowledge or permission of the owner.
As with many strains of malware, a programme must be accessed or downloaded, typically from a browser, which will then begin to mine cryptocurrency in the background. This will use up resources, CPU and power, and more often than not, will give no benefit to the user whose machine is being utilised. User’s computers are likely to slow down while the mining operation is taking place, and general operations may be affected.
Hands up, this is a crypto-jacking!
It has been revealed that government websites in multiple countries have been compromised by the cryptojacker strain of code. Government sites affected include many British government sites including UK Student Loans, the ICO and also NHS services; US governmental sites were also affected, as was the Australian Queensland Government Portal.
Security researcher Scott Helme was able to trace the code found in the ICO website to a third-party plugin, Browsealoud, which is designed to assist visually impaired visitors on website domains. The plugin's developers, Texthelp, confirmed that the plugin had been compromised to mine cryptocurrency. Following the attack Texthelp have launched an investigation into what occurred – releasing the following statement:
Martin McKay, CTO and Data Security Officer went on to say, “In light of other recent cyber-attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.” Continuing to say, “Texthelp has in place continuous automated security tests for Browsealoud - these tests detected the modified file and as a result the product was taken offline. This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”
Raising the alarm
Following the crypto-jacking Helme, raised the alarm about the malware after he received a message from a friend whose antivirus software had detected an issue after visiting a UK government website.
“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” Helme told Sky News. “Someone just messaged me to say their local government website in Australia is using the software as well.”
"If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the one website that they all load content from," Helme noted. "In this case, it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed."
For a period of time the ICO website was unavailable. This only goes to show that cyber Threats are everywhere, with everyone at risk of an attack – even the governing body of the soon to be introduced GDPR legislation.