- Thousands of Government Websites Hacked to Mine Cryptocurrencies
Over the last few years, hackers went from simply defacing websites to get attention, to hijacking them to spread banking trojans and ransomware, and now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies. According to the latest report, thousands of government websites around the world have been found infected with a specific script that secretly forces visitors’ computers to mine cryptocurrency for attackers. The cryptocurrency-mining script was found on over 4,000 websites, including those belonging to the UK’s National Health Service (NHS), the Student Loan Company, the data protection watchdog Information Commissioner’s Office (ICO), Queensland legislation, and the US government’s court system. Users who visited the hacked websites immediately had their computers’ processing power hijacked to mine cryptocurrency without their knowledge, a practice known as cryptojacking. According to the researcher, the hackers managed to hijack a popular third-party accessibility plugin called “Browsealoud,” used by all these affected websites, and injected their cryptocurrency-mining script into its code.
Cyber Security Tips: To protect against such attacks, you are strongly recommended to remove Browsealoud from all websites immediately, keep your websites up to date, regularly perform vulnerability assessments and penetration testing, check for input validation, and monitor your web applications regularly.
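One way to do the monitoring recommended above for third-party scripts, as an added example that is not from the original article: it lists the external scripts a page loads, flags those without a pinned hash, and flags any whose served content no longer matches its pin. It assumes the standard Subresource Integrity `integrity` attribute, which the article does not mention; the hosts, script bodies and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_digest(body: bytes) -> str:
    """SRI value: 'sha384-' + base64(SHA-384(body))."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script> that loads an external file."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))

def audit_page(html, own_host, served):
    """Flag third-party scripts that are unpinned or no longer match their pin.
    served maps script URL -> bytes the caller fetched for it."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == own_host:
            continue  # first-party script, out of scope for this check
        if integrity is None:
            findings.append((src, "no integrity attribute"))
        elif src in served and sri_digest(served[src]) not in integrity.split():
            findings.append((src, "content does not match pinned hash"))
    return findings

# Constructed sample data: hypothetical hosts and script bodies.
GOOD = b"function readAloud(){/* vendor code */}"
TAMPERED = GOOD + b";/* injected code */"
VENDOR_URL = "https://cdn.vendor.example/plugin.js"
PAGE = (
    '<script src="/js/site.js"></script>'
    '<script src="https://cdn.vendor.example/plugin.js" integrity="%s"></script>'
    '<script src="https://cdn.other.example/widget.js"></script>'
) % sri_digest(GOOD)

if __name__ == "__main__":
    for src, reason in audit_page(PAGE, "www.agency.example", {VENDOR_URL: TAMPERED}):
        print(src, "->", reason)
```

A pin only fits scripts the vendor publishes as fixed versions; a script the vendor updates in place will trip the check on every legitimate release.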