Cryptojacking Hits Over 4,000 Websites Including Government Pages

R

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,943
Security researcher Scott Helme is reporting that a Cryptojacking event happened over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration included a mining script that landed on over 4,000 websites, many of which were Government sites. It turns out that Text Help, an assistive technology provider was comprimised, and one of their hosted script files changed, spreading the malware to all websites using it.

The crypto-jacking stuff is getting a little too common for my liking. Perhaps now that government websites have been attacked we will see some regulation. I won't hold my breath though.

This is not a particularly new attack and we've known for a long time that CDNs or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites. The thing is though, there's a pretty easy way to defend yourself against this attack.
 
Government is reactive, not proactive - Everyone knows this.

Perfect example is TSA security.
 
And all I keep hearing is how this is the secure Fiat of the future..
;)
 
rgMekanic said:
Security researcher Scott Helme is reporting that a Cryptojacking event happened over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration included a mining script that landed on over 4,000 websites, many of which were Government sites. It turns out that Text Help, an assistive technology provider was compromised, and one of their hosted script files changed, spreading the malware to all websites using it.

The crypto-jacking stuff is getting a little too common for my liking. Perhaps now that government websites have been attacked we will see some regulation. I won't hold my breath though.

This is not a particularly new attack and we've known for a long time that CDNs or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites. The thing is though, there's a pretty easy way to defend yourself against this attack.
Click to expand...
A good analogy would be as far back as you can imagine thieves have been doing evil along the roadways, digital or real. I hope it can be at least minimized soon, it's not bothered me yet, I would not want it mining on my dime!
 
You must log in or register to reply here.
Back
Top