A UK security researcher has discovered that cyber criminals have been using public sector websites, including that of the UK’s Information Commissioner’s Office for cryptojacking.
What Is Cryptojacking?
If, for example, a website is able to get one million visitors a month, and if the Coin Hive Web Miner for Monero (XMR) is used, it could generate an income of £88 in the Monero crypto-currency.
Modified BrowseAloud Plugin
It is thought that criminals targeted this plugin because public sector websites need to comply with legal obligations to make their information accessible to people with disabilities.
Which Government Websites?
A recent investigation has discovered that around 5,000 websites are being targeted using this kind of cryptojacking. The government websites affected include the websites of the UK’s Information Commissioner’s Office (ICO), NHS websites, the General Medical Council website, some UK local council websites, the Student Loans Company site, some Australian government department websites, and the even the US Courts website.
What Does This Mean For Your Business?
Many businesses and organisations simply aren’t able to see and take account of all of the ways they can be attacked externally. Also, it’s not always easy to understand what belongs to your organisation, how it is connected to the rest of your asset inventory, and what potential vulnerabilities are exposed to compromise.
The increased CPU usage and slowing down of computers caused by mining scripts waste time and money for businesses. There are, however, some simple measures that your business can take to avoid being exploited as part of this kind of scam.
Also, a dedicated browser extension called 'No Coin' is available for Chrome, Firefox and Opera. This will stop the Coin Hive mining code being used through your browser. This extension comes with a white-list and an option to pause the extension should you wish to do so.
Coin Hive's developers have also said that they would like people to report any malicious use of Coin Hive to them. Maintaining vigilance for unusual computer symptoms, keeping security patches updated, and raising awareness within your company of current scams and what to do to prevent them, are just some of the ways that you could maintain a basic level of protection for your business.
Digital threat management software is also an option that can help companies to continuously discover an inventory of their externally facing digital assets, and to manage the risks across the entire attack surface.